├── .gitignore ├── LICENSE ├── README.md ├── capstone ├── arm.h ├── arm64.h ├── capstone.h ├── capstone_x64.lib ├── capstone_x86.lib ├── m68k.h ├── mips.h ├── platform.h ├── ppc.h ├── sparc.h ├── systemz.h ├── x86.h └── xcore.h ├── capstone_wrapper.cpp ├── capstone_wrapper.h ├── capstone_wrapper.sln ├── capstone_wrapper.vcxproj ├── capstone_wrapper.vcxproj.filters └── capstone_wrapper.vcxproj.user /.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | Release/ 3 | Debug/ 4 | *.sdf 5 | *.opensdf 6 | *.suo 7 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 x64dbg 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # capstone_wrapper 2 | 3 | C++ wrapper for capstone (x86 only). Used in [x64dbg](http://x64dbg.com) and [GleeBug](https://github.com/x64dbg/GleeBug). 4 | -------------------------------------------------------------------------------- /capstone/arm.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM_H 2 | #define CAPSTONE_ARM_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | #ifdef _MSC_VER 14 | #pragma warning(disable:4201) 15 | #endif 16 | 17 | //> ARM shift type 18 | typedef enum arm_shifter 19 | { 20 | ARM_SFT_INVALID = 0, 21 | ARM_SFT_ASR, // shift with immediate const 22 | ARM_SFT_LSL, // shift with immediate const 23 | ARM_SFT_LSR, // shift with immediate const 24 | ARM_SFT_ROR, // shift with immediate const 25 | ARM_SFT_RRX, // shift with immediate const 26 | ARM_SFT_ASR_REG, // shift with register 27 | ARM_SFT_LSL_REG, // shift with register 28 | ARM_SFT_LSR_REG, // shift with register 29 | ARM_SFT_ROR_REG, // shift with register 30 | ARM_SFT_RRX_REG, // shift with register 31 | } arm_shifter; 32 | 33 | //> ARM condition code 34 | typedef enum arm_cc 35 | { 36 | ARM_CC_INVALID = 0, 37 | ARM_CC_EQ, // Equal Equal 38 | ARM_CC_NE, // Not equal Not equal, or unordered 39 | ARM_CC_HS, // Carry set >, ==, or unordered 40 | ARM_CC_LO, // Carry clear Less than 41 | ARM_CC_MI, // Minus, negative Less than 42 | ARM_CC_PL, // Plus, positive or zero >, ==, or unordered 43 | ARM_CC_VS, // Overflow Unordered 44 | ARM_CC_VC, // No overflow Not unordered 45 | ARM_CC_HI, // Unsigned higher Greater than, or unordered 46 | ARM_CC_LS, // Unsigned lower or same Less than or equal 47 | ARM_CC_GE, // Greater than or equal Greater than or equal 48 | ARM_CC_LT, // Less than Less than, or unordered 49 | ARM_CC_GT, // Greater than Greater than 50 | ARM_CC_LE, // Less than or equal <, ==, or unordered 51 | ARM_CC_AL // Always (unconditional) Always (unconditional) 52 | } arm_cc; 53 | 54 | typedef enum arm_sysreg 55 | { 56 | //> Special registers for MSR 57 | ARM_SYSREG_INVALID = 0, 58 | 59 | // SPSR* registers can be OR combined 60 | ARM_SYSREG_SPSR_C = 1, 61 | ARM_SYSREG_SPSR_X = 2, 62 | ARM_SYSREG_SPSR_S = 4, 63 | ARM_SYSREG_SPSR_F = 8, 64 | 65 | // CPSR* registers can be OR combined 66 | ARM_SYSREG_CPSR_C = 16, 67 | ARM_SYSREG_CPSR_X = 32, 68 | ARM_SYSREG_CPSR_S = 64, 69 | ARM_SYSREG_CPSR_F = 128, 70 | 71 | // independent registers 72 | ARM_SYSREG_APSR = 256, 73 | ARM_SYSREG_APSR_G, 74 | ARM_SYSREG_APSR_NZCVQ, 75 | ARM_SYSREG_APSR_NZCVQG, 76 | 77 | ARM_SYSREG_IAPSR, 78 | ARM_SYSREG_IAPSR_G, 79 | ARM_SYSREG_IAPSR_NZCVQG, 80 | ARM_SYSREG_IAPSR_NZCVQ, 81 | 82 | ARM_SYSREG_EAPSR, 83 | ARM_SYSREG_EAPSR_G, 84 | ARM_SYSREG_EAPSR_NZCVQG, 85 | ARM_SYSREG_EAPSR_NZCVQ, 86 | 87 | ARM_SYSREG_XPSR, 88 | ARM_SYSREG_XPSR_G, 89 | ARM_SYSREG_XPSR_NZCVQG, 90 | ARM_SYSREG_XPSR_NZCVQ, 91 | 92 | ARM_SYSREG_IPSR, 93 | ARM_SYSREG_EPSR, 94 | ARM_SYSREG_IEPSR, 95 | 96 | ARM_SYSREG_MSP, 97 | ARM_SYSREG_PSP, 98 | ARM_SYSREG_PRIMASK, 99 | ARM_SYSREG_BASEPRI, 100 | ARM_SYSREG_BASEPRI_MAX, 101 | ARM_SYSREG_FAULTMASK, 102 | ARM_SYSREG_CONTROL, 103 | 104 | // Banked Registers 105 | ARM_SYSREG_R8_USR, 106 | ARM_SYSREG_R9_USR, 107 | ARM_SYSREG_R10_USR, 108 | ARM_SYSREG_R11_USR, 109 | ARM_SYSREG_R12_USR, 110 | ARM_SYSREG_SP_USR, 111 | ARM_SYSREG_LR_USR, 112 | ARM_SYSREG_R8_FIQ, 113 | ARM_SYSREG_R9_FIQ, 114 | ARM_SYSREG_R10_FIQ, 115 | ARM_SYSREG_R11_FIQ, 116 | ARM_SYSREG_R12_FIQ, 117 | ARM_SYSREG_SP_FIQ, 118 | ARM_SYSREG_LR_FIQ, 119 | ARM_SYSREG_LR_IRQ, 120 | ARM_SYSREG_SP_IRQ, 121 | ARM_SYSREG_LR_SVC, 122 | ARM_SYSREG_SP_SVC, 123 | ARM_SYSREG_LR_ABT, 124 | ARM_SYSREG_SP_ABT, 125 | ARM_SYSREG_LR_UND, 126 | ARM_SYSREG_SP_UND, 127 | ARM_SYSREG_LR_MON, 128 | ARM_SYSREG_SP_MON, 129 | ARM_SYSREG_ELR_HYP, 130 | ARM_SYSREG_SP_HYP, 131 | 132 | ARM_SYSREG_SPSR_FIQ, 133 | ARM_SYSREG_SPSR_IRQ, 134 | ARM_SYSREG_SPSR_SVC, 135 | ARM_SYSREG_SPSR_ABT, 136 | ARM_SYSREG_SPSR_UND, 137 | ARM_SYSREG_SPSR_MON, 138 | ARM_SYSREG_SPSR_HYP, 139 | } arm_sysreg; 140 | 141 | //> The memory barrier constants map directly to the 4-bit encoding of 142 | //> the option field for Memory Barrier operations. 143 | typedef enum arm_mem_barrier 144 | { 145 | ARM_MB_INVALID = 0, 146 | ARM_MB_RESERVED_0, 147 | ARM_MB_OSHLD, 148 | ARM_MB_OSHST, 149 | ARM_MB_OSH, 150 | ARM_MB_RESERVED_4, 151 | ARM_MB_NSHLD, 152 | ARM_MB_NSHST, 153 | ARM_MB_NSH, 154 | ARM_MB_RESERVED_8, 155 | ARM_MB_ISHLD, 156 | ARM_MB_ISHST, 157 | ARM_MB_ISH, 158 | ARM_MB_RESERVED_12, 159 | ARM_MB_LD, 160 | ARM_MB_ST, 161 | ARM_MB_SY, 162 | } arm_mem_barrier; 163 | 164 | //> Operand type for instruction's operands 165 | typedef enum arm_op_type 166 | { 167 | ARM_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 168 | ARM_OP_REG, // = CS_OP_REG (Register operand). 169 | ARM_OP_IMM, // = CS_OP_IMM (Immediate operand). 170 | ARM_OP_MEM, // = CS_OP_MEM (Memory operand). 171 | ARM_OP_FP, // = CS_OP_FP (Floating-Point operand). 172 | ARM_OP_CIMM = 64, // C-Immediate (coprocessor registers) 173 | ARM_OP_PIMM, // P-Immediate (coprocessor registers) 174 | ARM_OP_SETEND, // operand for SETEND instruction 175 | ARM_OP_SYSREG, // MSR/MRS special register operand 176 | } arm_op_type; 177 | 178 | //> Operand type for SETEND instruction 179 | typedef enum arm_setend_type 180 | { 181 | ARM_SETEND_INVALID = 0, // Uninitialized. 182 | ARM_SETEND_BE, // BE operand. 183 | ARM_SETEND_LE, // LE operand 184 | } arm_setend_type; 185 | 186 | typedef enum arm_cpsmode_type 187 | { 188 | ARM_CPSMODE_INVALID = 0, 189 | ARM_CPSMODE_IE = 2, 190 | ARM_CPSMODE_ID = 3 191 | } arm_cpsmode_type; 192 | 193 | //> Operand type for SETEND instruction 194 | typedef enum arm_cpsflag_type 195 | { 196 | ARM_CPSFLAG_INVALID = 0, 197 | ARM_CPSFLAG_F = 1, 198 | ARM_CPSFLAG_I = 2, 199 | ARM_CPSFLAG_A = 4, 200 | ARM_CPSFLAG_NONE = 16, // no flag 201 | } arm_cpsflag_type; 202 | 203 | //> Data type for elements of vector instructions. 204 | typedef enum arm_vectordata_type 205 | { 206 | ARM_VECTORDATA_INVALID = 0, 207 | 208 | // Integer type 209 | ARM_VECTORDATA_I8, 210 | ARM_VECTORDATA_I16, 211 | ARM_VECTORDATA_I32, 212 | ARM_VECTORDATA_I64, 213 | 214 | // Signed integer type 215 | ARM_VECTORDATA_S8, 216 | ARM_VECTORDATA_S16, 217 | ARM_VECTORDATA_S32, 218 | ARM_VECTORDATA_S64, 219 | 220 | // Unsigned integer type 221 | ARM_VECTORDATA_U8, 222 | ARM_VECTORDATA_U16, 223 | ARM_VECTORDATA_U32, 224 | ARM_VECTORDATA_U64, 225 | 226 | // Data type for VMUL/VMULL 227 | ARM_VECTORDATA_P8, 228 | 229 | // Floating type 230 | ARM_VECTORDATA_F32, 231 | ARM_VECTORDATA_F64, 232 | 233 | // Convert float <-> float 234 | ARM_VECTORDATA_F16F64, // f16.f64 235 | ARM_VECTORDATA_F64F16, // f64.f16 236 | ARM_VECTORDATA_F32F16, // f32.f16 237 | ARM_VECTORDATA_F16F32, // f32.f16 238 | ARM_VECTORDATA_F64F32, // f64.f32 239 | ARM_VECTORDATA_F32F64, // f32.f64 240 | 241 | // Convert integer <-> float 242 | ARM_VECTORDATA_S32F32, // s32.f32 243 | ARM_VECTORDATA_U32F32, // u32.f32 244 | ARM_VECTORDATA_F32S32, // f32.s32 245 | ARM_VECTORDATA_F32U32, // f32.u32 246 | ARM_VECTORDATA_F64S16, // f64.s16 247 | ARM_VECTORDATA_F32S16, // f32.s16 248 | ARM_VECTORDATA_F64S32, // f64.s32 249 | ARM_VECTORDATA_S16F64, // s16.f64 250 | ARM_VECTORDATA_S16F32, // s16.f64 251 | ARM_VECTORDATA_S32F64, // s32.f64 252 | ARM_VECTORDATA_U16F64, // u16.f64 253 | ARM_VECTORDATA_U16F32, // u16.f32 254 | ARM_VECTORDATA_U32F64, // u32.f64 255 | ARM_VECTORDATA_F64U16, // f64.u16 256 | ARM_VECTORDATA_F32U16, // f32.u16 257 | ARM_VECTORDATA_F64U32, // f64.u32 258 | } arm_vectordata_type; 259 | 260 | //> ARM registers 261 | typedef enum arm_reg 262 | { 263 | ARM_REG_INVALID = 0, 264 | ARM_REG_APSR, 265 | ARM_REG_APSR_NZCV, 266 | ARM_REG_CPSR, 267 | ARM_REG_FPEXC, 268 | ARM_REG_FPINST, 269 | ARM_REG_FPSCR, 270 | ARM_REG_FPSCR_NZCV, 271 | ARM_REG_FPSID, 272 | ARM_REG_ITSTATE, 273 | ARM_REG_LR, 274 | ARM_REG_PC, 275 | ARM_REG_SP, 276 | ARM_REG_SPSR, 277 | ARM_REG_D0, 278 | ARM_REG_D1, 279 | ARM_REG_D2, 280 | ARM_REG_D3, 281 | ARM_REG_D4, 282 | ARM_REG_D5, 283 | ARM_REG_D6, 284 | ARM_REG_D7, 285 | ARM_REG_D8, 286 | ARM_REG_D9, 287 | ARM_REG_D10, 288 | ARM_REG_D11, 289 | ARM_REG_D12, 290 | ARM_REG_D13, 291 | ARM_REG_D14, 292 | ARM_REG_D15, 293 | ARM_REG_D16, 294 | ARM_REG_D17, 295 | ARM_REG_D18, 296 | ARM_REG_D19, 297 | ARM_REG_D20, 298 | ARM_REG_D21, 299 | ARM_REG_D22, 300 | ARM_REG_D23, 301 | ARM_REG_D24, 302 | ARM_REG_D25, 303 | ARM_REG_D26, 304 | ARM_REG_D27, 305 | ARM_REG_D28, 306 | ARM_REG_D29, 307 | ARM_REG_D30, 308 | ARM_REG_D31, 309 | ARM_REG_FPINST2, 310 | ARM_REG_MVFR0, 311 | ARM_REG_MVFR1, 312 | ARM_REG_MVFR2, 313 | ARM_REG_Q0, 314 | ARM_REG_Q1, 315 | ARM_REG_Q2, 316 | ARM_REG_Q3, 317 | ARM_REG_Q4, 318 | ARM_REG_Q5, 319 | ARM_REG_Q6, 320 | ARM_REG_Q7, 321 | ARM_REG_Q8, 322 | ARM_REG_Q9, 323 | ARM_REG_Q10, 324 | ARM_REG_Q11, 325 | ARM_REG_Q12, 326 | ARM_REG_Q13, 327 | ARM_REG_Q14, 328 | ARM_REG_Q15, 329 | ARM_REG_R0, 330 | ARM_REG_R1, 331 | ARM_REG_R2, 332 | ARM_REG_R3, 333 | ARM_REG_R4, 334 | ARM_REG_R5, 335 | ARM_REG_R6, 336 | ARM_REG_R7, 337 | ARM_REG_R8, 338 | ARM_REG_R9, 339 | ARM_REG_R10, 340 | ARM_REG_R11, 341 | ARM_REG_R12, 342 | ARM_REG_S0, 343 | ARM_REG_S1, 344 | ARM_REG_S2, 345 | ARM_REG_S3, 346 | ARM_REG_S4, 347 | ARM_REG_S5, 348 | ARM_REG_S6, 349 | ARM_REG_S7, 350 | ARM_REG_S8, 351 | ARM_REG_S9, 352 | ARM_REG_S10, 353 | ARM_REG_S11, 354 | ARM_REG_S12, 355 | ARM_REG_S13, 356 | ARM_REG_S14, 357 | ARM_REG_S15, 358 | ARM_REG_S16, 359 | ARM_REG_S17, 360 | ARM_REG_S18, 361 | ARM_REG_S19, 362 | ARM_REG_S20, 363 | ARM_REG_S21, 364 | ARM_REG_S22, 365 | ARM_REG_S23, 366 | ARM_REG_S24, 367 | ARM_REG_S25, 368 | ARM_REG_S26, 369 | ARM_REG_S27, 370 | ARM_REG_S28, 371 | ARM_REG_S29, 372 | ARM_REG_S30, 373 | ARM_REG_S31, 374 | 375 | ARM_REG_ENDING, // <-- mark the end of the list or registers 376 | 377 | //> alias registers 378 | ARM_REG_R13 = ARM_REG_SP, 379 | ARM_REG_R14 = ARM_REG_LR, 380 | ARM_REG_R15 = ARM_REG_PC, 381 | 382 | ARM_REG_SB = ARM_REG_R9, 383 | ARM_REG_SL = ARM_REG_R10, 384 | ARM_REG_FP = ARM_REG_R11, 385 | ARM_REG_IP = ARM_REG_R12, 386 | } arm_reg; 387 | 388 | // Instruction's operand referring to memory 389 | // This is associated with ARM_OP_MEM operand type above 390 | typedef struct arm_op_mem 391 | { 392 | arm_reg base; // base register 393 | arm_reg index; // index register 394 | int scale; // scale for index register (can be 1, or -1) 395 | int disp; // displacement/offset value 396 | int lshift; // left-shift on index register, or 0 if irrelevant. 397 | } arm_op_mem; 398 | 399 | // Instruction operand 400 | typedef struct cs_arm_op 401 | { 402 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 403 | 404 | struct 405 | { 406 | arm_shifter type; 407 | unsigned int value; 408 | } shift; 409 | 410 | arm_op_type type; // operand type 411 | 412 | union 413 | { 414 | int reg; // register value for REG/SYSREG operand 415 | int32_t imm; // immediate value for C-IMM, P-IMM or IMM operand 416 | double fp; // floating point value for FP operand 417 | arm_op_mem mem; // base/index/scale/disp value for MEM operand 418 | arm_setend_type setend; // SETEND instruction's operand type 419 | }; 420 | 421 | // in some instructions, an operand can be subtracted or added to 422 | // the base register, 423 | bool subtracted; // if TRUE, this operand is subtracted. otherwise, it is added. 424 | 425 | // How is this operand accessed? (READ, WRITE or READ|WRITE) 426 | // This field is combined of cs_ac_type. 427 | // NOTE: this field is irrelevant if engine is compiled in DIET mode. 428 | uint8_t access; 429 | 430 | // Neon lane index for NEON instructions (or -1 if irrelevant) 431 | int8_t neon_lane; 432 | } cs_arm_op; 433 | 434 | // Instruction structure 435 | typedef struct cs_arm 436 | { 437 | bool usermode; // User-mode registers to be loaded (for LDM/STM instructions) 438 | int vector_size; // Scalar size for vector instructions 439 | arm_vectordata_type vector_data; // Data type for elements of vector instructions 440 | arm_cpsmode_type cps_mode; // CPS mode for CPS instruction 441 | arm_cpsflag_type cps_flag; // CPS mode for CPS instruction 442 | arm_cc cc; // conditional code for this insn 443 | bool update_flags; // does this insn update flags? 444 | bool writeback; // does this insn write-back? 445 | arm_mem_barrier mem_barrier; // Option for some memory barrier instructions 446 | 447 | // Number of operands of this instruction, 448 | // or 0 when instruction has no operand. 449 | uint8_t op_count; 450 | 451 | cs_arm_op operands[36]; // operands for this instruction. 452 | } cs_arm; 453 | 454 | //> ARM instruction 455 | typedef enum arm_insn 456 | { 457 | ARM_INS_INVALID = 0, 458 | 459 | ARM_INS_ADC, 460 | ARM_INS_ADD, 461 | ARM_INS_ADR, 462 | ARM_INS_AESD, 463 | ARM_INS_AESE, 464 | ARM_INS_AESIMC, 465 | ARM_INS_AESMC, 466 | ARM_INS_AND, 467 | ARM_INS_BFC, 468 | ARM_INS_BFI, 469 | ARM_INS_BIC, 470 | ARM_INS_BKPT, 471 | ARM_INS_BL, 472 | ARM_INS_BLX, 473 | ARM_INS_BX, 474 | ARM_INS_BXJ, 475 | ARM_INS_B, 476 | ARM_INS_CDP, 477 | ARM_INS_CDP2, 478 | ARM_INS_CLREX, 479 | ARM_INS_CLZ, 480 | ARM_INS_CMN, 481 | ARM_INS_CMP, 482 | ARM_INS_CPS, 483 | ARM_INS_CRC32B, 484 | ARM_INS_CRC32CB, 485 | ARM_INS_CRC32CH, 486 | ARM_INS_CRC32CW, 487 | ARM_INS_CRC32H, 488 | ARM_INS_CRC32W, 489 | ARM_INS_DBG, 490 | ARM_INS_DMB, 491 | ARM_INS_DSB, 492 | ARM_INS_EOR, 493 | ARM_INS_ERET, 494 | ARM_INS_VMOV, 495 | ARM_INS_FLDMDBX, 496 | ARM_INS_FLDMIAX, 497 | ARM_INS_VMRS, 498 | ARM_INS_FSTMDBX, 499 | ARM_INS_FSTMIAX, 500 | ARM_INS_HINT, 501 | ARM_INS_HLT, 502 | ARM_INS_HVC, 503 | ARM_INS_ISB, 504 | ARM_INS_LDA, 505 | ARM_INS_LDAB, 506 | ARM_INS_LDAEX, 507 | ARM_INS_LDAEXB, 508 | ARM_INS_LDAEXD, 509 | ARM_INS_LDAEXH, 510 | ARM_INS_LDAH, 511 | ARM_INS_LDC2L, 512 | ARM_INS_LDC2, 513 | ARM_INS_LDCL, 514 | ARM_INS_LDC, 515 | ARM_INS_LDMDA, 516 | ARM_INS_LDMDB, 517 | ARM_INS_LDM, 518 | ARM_INS_LDMIB, 519 | ARM_INS_LDRBT, 520 | ARM_INS_LDRB, 521 | ARM_INS_LDRD, 522 | ARM_INS_LDREX, 523 | ARM_INS_LDREXB, 524 | ARM_INS_LDREXD, 525 | ARM_INS_LDREXH, 526 | ARM_INS_LDRH, 527 | ARM_INS_LDRHT, 528 | ARM_INS_LDRSB, 529 | ARM_INS_LDRSBT, 530 | ARM_INS_LDRSH, 531 | ARM_INS_LDRSHT, 532 | ARM_INS_LDRT, 533 | ARM_INS_LDR, 534 | ARM_INS_MCR, 535 | ARM_INS_MCR2, 536 | ARM_INS_MCRR, 537 | ARM_INS_MCRR2, 538 | ARM_INS_MLA, 539 | ARM_INS_MLS, 540 | ARM_INS_MOV, 541 | ARM_INS_MOVT, 542 | ARM_INS_MOVW, 543 | ARM_INS_MRC, 544 | ARM_INS_MRC2, 545 | ARM_INS_MRRC, 546 | ARM_INS_MRRC2, 547 | ARM_INS_MRS, 548 | ARM_INS_MSR, 549 | ARM_INS_MUL, 550 | ARM_INS_MVN, 551 | ARM_INS_ORR, 552 | ARM_INS_PKHBT, 553 | ARM_INS_PKHTB, 554 | ARM_INS_PLDW, 555 | ARM_INS_PLD, 556 | ARM_INS_PLI, 557 | ARM_INS_QADD, 558 | ARM_INS_QADD16, 559 | ARM_INS_QADD8, 560 | ARM_INS_QASX, 561 | ARM_INS_QDADD, 562 | ARM_INS_QDSUB, 563 | ARM_INS_QSAX, 564 | ARM_INS_QSUB, 565 | ARM_INS_QSUB16, 566 | ARM_INS_QSUB8, 567 | ARM_INS_RBIT, 568 | ARM_INS_REV, 569 | ARM_INS_REV16, 570 | ARM_INS_REVSH, 571 | ARM_INS_RFEDA, 572 | ARM_INS_RFEDB, 573 | ARM_INS_RFEIA, 574 | ARM_INS_RFEIB, 575 | ARM_INS_RSB, 576 | ARM_INS_RSC, 577 | ARM_INS_SADD16, 578 | ARM_INS_SADD8, 579 | ARM_INS_SASX, 580 | ARM_INS_SBC, 581 | ARM_INS_SBFX, 582 | ARM_INS_SDIV, 583 | ARM_INS_SEL, 584 | ARM_INS_SETEND, 585 | ARM_INS_SHA1C, 586 | ARM_INS_SHA1H, 587 | ARM_INS_SHA1M, 588 | ARM_INS_SHA1P, 589 | ARM_INS_SHA1SU0, 590 | ARM_INS_SHA1SU1, 591 | ARM_INS_SHA256H, 592 | ARM_INS_SHA256H2, 593 | ARM_INS_SHA256SU0, 594 | ARM_INS_SHA256SU1, 595 | ARM_INS_SHADD16, 596 | ARM_INS_SHADD8, 597 | ARM_INS_SHASX, 598 | ARM_INS_SHSAX, 599 | ARM_INS_SHSUB16, 600 | ARM_INS_SHSUB8, 601 | ARM_INS_SMC, 602 | ARM_INS_SMLABB, 603 | ARM_INS_SMLABT, 604 | ARM_INS_SMLAD, 605 | ARM_INS_SMLADX, 606 | ARM_INS_SMLAL, 607 | ARM_INS_SMLALBB, 608 | ARM_INS_SMLALBT, 609 | ARM_INS_SMLALD, 610 | ARM_INS_SMLALDX, 611 | ARM_INS_SMLALTB, 612 | ARM_INS_SMLALTT, 613 | ARM_INS_SMLATB, 614 | ARM_INS_SMLATT, 615 | ARM_INS_SMLAWB, 616 | ARM_INS_SMLAWT, 617 | ARM_INS_SMLSD, 618 | ARM_INS_SMLSDX, 619 | ARM_INS_SMLSLD, 620 | ARM_INS_SMLSLDX, 621 | ARM_INS_SMMLA, 622 | ARM_INS_SMMLAR, 623 | ARM_INS_SMMLS, 624 | ARM_INS_SMMLSR, 625 | ARM_INS_SMMUL, 626 | ARM_INS_SMMULR, 627 | ARM_INS_SMUAD, 628 | ARM_INS_SMUADX, 629 | ARM_INS_SMULBB, 630 | ARM_INS_SMULBT, 631 | ARM_INS_SMULL, 632 | ARM_INS_SMULTB, 633 | ARM_INS_SMULTT, 634 | ARM_INS_SMULWB, 635 | ARM_INS_SMULWT, 636 | ARM_INS_SMUSD, 637 | ARM_INS_SMUSDX, 638 | ARM_INS_SRSDA, 639 | ARM_INS_SRSDB, 640 | ARM_INS_SRSIA, 641 | ARM_INS_SRSIB, 642 | ARM_INS_SSAT, 643 | ARM_INS_SSAT16, 644 | ARM_INS_SSAX, 645 | ARM_INS_SSUB16, 646 | ARM_INS_SSUB8, 647 | ARM_INS_STC2L, 648 | ARM_INS_STC2, 649 | ARM_INS_STCL, 650 | ARM_INS_STC, 651 | ARM_INS_STL, 652 | ARM_INS_STLB, 653 | ARM_INS_STLEX, 654 | ARM_INS_STLEXB, 655 | ARM_INS_STLEXD, 656 | ARM_INS_STLEXH, 657 | ARM_INS_STLH, 658 | ARM_INS_STMDA, 659 | ARM_INS_STMDB, 660 | ARM_INS_STM, 661 | ARM_INS_STMIB, 662 | ARM_INS_STRBT, 663 | ARM_INS_STRB, 664 | ARM_INS_STRD, 665 | ARM_INS_STREX, 666 | ARM_INS_STREXB, 667 | ARM_INS_STREXD, 668 | ARM_INS_STREXH, 669 | ARM_INS_STRH, 670 | ARM_INS_STRHT, 671 | ARM_INS_STRT, 672 | ARM_INS_STR, 673 | ARM_INS_SUB, 674 | ARM_INS_SVC, 675 | ARM_INS_SWP, 676 | ARM_INS_SWPB, 677 | ARM_INS_SXTAB, 678 | ARM_INS_SXTAB16, 679 | ARM_INS_SXTAH, 680 | ARM_INS_SXTB, 681 | ARM_INS_SXTB16, 682 | ARM_INS_SXTH, 683 | ARM_INS_TEQ, 684 | ARM_INS_TRAP, 685 | ARM_INS_TST, 686 | ARM_INS_UADD16, 687 | ARM_INS_UADD8, 688 | ARM_INS_UASX, 689 | ARM_INS_UBFX, 690 | ARM_INS_UDF, 691 | ARM_INS_UDIV, 692 | ARM_INS_UHADD16, 693 | ARM_INS_UHADD8, 694 | ARM_INS_UHASX, 695 | ARM_INS_UHSAX, 696 | ARM_INS_UHSUB16, 697 | ARM_INS_UHSUB8, 698 | ARM_INS_UMAAL, 699 | ARM_INS_UMLAL, 700 | ARM_INS_UMULL, 701 | ARM_INS_UQADD16, 702 | ARM_INS_UQADD8, 703 | ARM_INS_UQASX, 704 | ARM_INS_UQSAX, 705 | ARM_INS_UQSUB16, 706 | ARM_INS_UQSUB8, 707 | ARM_INS_USAD8, 708 | ARM_INS_USADA8, 709 | ARM_INS_USAT, 710 | ARM_INS_USAT16, 711 | ARM_INS_USAX, 712 | ARM_INS_USUB16, 713 | ARM_INS_USUB8, 714 | ARM_INS_UXTAB, 715 | ARM_INS_UXTAB16, 716 | ARM_INS_UXTAH, 717 | ARM_INS_UXTB, 718 | ARM_INS_UXTB16, 719 | ARM_INS_UXTH, 720 | ARM_INS_VABAL, 721 | ARM_INS_VABA, 722 | ARM_INS_VABDL, 723 | ARM_INS_VABD, 724 | ARM_INS_VABS, 725 | ARM_INS_VACGE, 726 | ARM_INS_VACGT, 727 | ARM_INS_VADD, 728 | ARM_INS_VADDHN, 729 | ARM_INS_VADDL, 730 | ARM_INS_VADDW, 731 | ARM_INS_VAND, 732 | ARM_INS_VBIC, 733 | ARM_INS_VBIF, 734 | ARM_INS_VBIT, 735 | ARM_INS_VBSL, 736 | ARM_INS_VCEQ, 737 | ARM_INS_VCGE, 738 | ARM_INS_VCGT, 739 | ARM_INS_VCLE, 740 | ARM_INS_VCLS, 741 | ARM_INS_VCLT, 742 | ARM_INS_VCLZ, 743 | ARM_INS_VCMP, 744 | ARM_INS_VCMPE, 745 | ARM_INS_VCNT, 746 | ARM_INS_VCVTA, 747 | ARM_INS_VCVTB, 748 | ARM_INS_VCVT, 749 | ARM_INS_VCVTM, 750 | ARM_INS_VCVTN, 751 | ARM_INS_VCVTP, 752 | ARM_INS_VCVTT, 753 | ARM_INS_VDIV, 754 | ARM_INS_VDUP, 755 | ARM_INS_VEOR, 756 | ARM_INS_VEXT, 757 | ARM_INS_VFMA, 758 | ARM_INS_VFMS, 759 | ARM_INS_VFNMA, 760 | ARM_INS_VFNMS, 761 | ARM_INS_VHADD, 762 | ARM_INS_VHSUB, 763 | ARM_INS_VLD1, 764 | ARM_INS_VLD2, 765 | ARM_INS_VLD3, 766 | ARM_INS_VLD4, 767 | ARM_INS_VLDMDB, 768 | ARM_INS_VLDMIA, 769 | ARM_INS_VLDR, 770 | ARM_INS_VMAXNM, 771 | ARM_INS_VMAX, 772 | ARM_INS_VMINNM, 773 | ARM_INS_VMIN, 774 | ARM_INS_VMLA, 775 | ARM_INS_VMLAL, 776 | ARM_INS_VMLS, 777 | ARM_INS_VMLSL, 778 | ARM_INS_VMOVL, 779 | ARM_INS_VMOVN, 780 | ARM_INS_VMSR, 781 | ARM_INS_VMUL, 782 | ARM_INS_VMULL, 783 | ARM_INS_VMVN, 784 | ARM_INS_VNEG, 785 | ARM_INS_VNMLA, 786 | ARM_INS_VNMLS, 787 | ARM_INS_VNMUL, 788 | ARM_INS_VORN, 789 | ARM_INS_VORR, 790 | ARM_INS_VPADAL, 791 | ARM_INS_VPADDL, 792 | ARM_INS_VPADD, 793 | ARM_INS_VPMAX, 794 | ARM_INS_VPMIN, 795 | ARM_INS_VQABS, 796 | ARM_INS_VQADD, 797 | ARM_INS_VQDMLAL, 798 | ARM_INS_VQDMLSL, 799 | ARM_INS_VQDMULH, 800 | ARM_INS_VQDMULL, 801 | ARM_INS_VQMOVUN, 802 | ARM_INS_VQMOVN, 803 | ARM_INS_VQNEG, 804 | ARM_INS_VQRDMULH, 805 | ARM_INS_VQRSHL, 806 | ARM_INS_VQRSHRN, 807 | ARM_INS_VQRSHRUN, 808 | ARM_INS_VQSHL, 809 | ARM_INS_VQSHLU, 810 | ARM_INS_VQSHRN, 811 | ARM_INS_VQSHRUN, 812 | ARM_INS_VQSUB, 813 | ARM_INS_VRADDHN, 814 | ARM_INS_VRECPE, 815 | ARM_INS_VRECPS, 816 | ARM_INS_VREV16, 817 | ARM_INS_VREV32, 818 | ARM_INS_VREV64, 819 | ARM_INS_VRHADD, 820 | ARM_INS_VRINTA, 821 | ARM_INS_VRINTM, 822 | ARM_INS_VRINTN, 823 | ARM_INS_VRINTP, 824 | ARM_INS_VRINTR, 825 | ARM_INS_VRINTX, 826 | ARM_INS_VRINTZ, 827 | ARM_INS_VRSHL, 828 | ARM_INS_VRSHRN, 829 | ARM_INS_VRSHR, 830 | ARM_INS_VRSQRTE, 831 | ARM_INS_VRSQRTS, 832 | ARM_INS_VRSRA, 833 | ARM_INS_VRSUBHN, 834 | ARM_INS_VSELEQ, 835 | ARM_INS_VSELGE, 836 | ARM_INS_VSELGT, 837 | ARM_INS_VSELVS, 838 | ARM_INS_VSHLL, 839 | ARM_INS_VSHL, 840 | ARM_INS_VSHRN, 841 | ARM_INS_VSHR, 842 | ARM_INS_VSLI, 843 | ARM_INS_VSQRT, 844 | ARM_INS_VSRA, 845 | ARM_INS_VSRI, 846 | ARM_INS_VST1, 847 | ARM_INS_VST2, 848 | ARM_INS_VST3, 849 | ARM_INS_VST4, 850 | ARM_INS_VSTMDB, 851 | ARM_INS_VSTMIA, 852 | ARM_INS_VSTR, 853 | ARM_INS_VSUB, 854 | ARM_INS_VSUBHN, 855 | ARM_INS_VSUBL, 856 | ARM_INS_VSUBW, 857 | ARM_INS_VSWP, 858 | ARM_INS_VTBL, 859 | ARM_INS_VTBX, 860 | ARM_INS_VCVTR, 861 | ARM_INS_VTRN, 862 | ARM_INS_VTST, 863 | ARM_INS_VUZP, 864 | ARM_INS_VZIP, 865 | ARM_INS_ADDW, 866 | ARM_INS_ASR, 867 | ARM_INS_DCPS1, 868 | ARM_INS_DCPS2, 869 | ARM_INS_DCPS3, 870 | ARM_INS_IT, 871 | ARM_INS_LSL, 872 | ARM_INS_LSR, 873 | ARM_INS_ORN, 874 | ARM_INS_ROR, 875 | ARM_INS_RRX, 876 | ARM_INS_SUBW, 877 | ARM_INS_TBB, 878 | ARM_INS_TBH, 879 | ARM_INS_CBNZ, 880 | ARM_INS_CBZ, 881 | ARM_INS_POP, 882 | ARM_INS_PUSH, 883 | 884 | // special instructions 885 | ARM_INS_NOP, 886 | ARM_INS_YIELD, 887 | ARM_INS_WFE, 888 | ARM_INS_WFI, 889 | ARM_INS_SEV, 890 | ARM_INS_SEVL, 891 | ARM_INS_VPUSH, 892 | ARM_INS_VPOP, 893 | 894 | ARM_INS_ENDING, // <-- mark the end of the list of instructions 895 | } arm_insn; 896 | 897 | //> Group of ARM instructions 898 | typedef enum arm_insn_group 899 | { 900 | ARM_GRP_INVALID = 0, // = CS_GRP_INVALID 901 | 902 | //> Generic groups 903 | // all jump instructions (conditional+direct+indirect jumps) 904 | ARM_GRP_JUMP, // = CS_GRP_JUMP 905 | ARM_GRP_CALL, // = CS_GRP_CALL 906 | ARM_GRP_INT = 4, // = CS_GRP_INT 907 | ARM_GRP_PRIVILEGE = 6, // = CS_GRP_PRIVILEGE 908 | 909 | //> Architecture-specific groups 910 | ARM_GRP_CRYPTO = 128, 911 | ARM_GRP_DATABARRIER, 912 | ARM_GRP_DIVIDE, 913 | ARM_GRP_FPARMV8, 914 | ARM_GRP_MULTPRO, 915 | ARM_GRP_NEON, 916 | ARM_GRP_T2EXTRACTPACK, 917 | ARM_GRP_THUMB2DSP, 918 | ARM_GRP_TRUSTZONE, 919 | ARM_GRP_V4T, 920 | ARM_GRP_V5T, 921 | ARM_GRP_V5TE, 922 | ARM_GRP_V6, 923 | ARM_GRP_V6T2, 924 | ARM_GRP_V7, 925 | ARM_GRP_V8, 926 | ARM_GRP_VFP2, 927 | ARM_GRP_VFP3, 928 | ARM_GRP_VFP4, 929 | ARM_GRP_ARM, 930 | ARM_GRP_MCLASS, 931 | ARM_GRP_NOTMCLASS, 932 | ARM_GRP_THUMB, 933 | ARM_GRP_THUMB1ONLY, 934 | ARM_GRP_THUMB2, 935 | ARM_GRP_PREV8, 936 | ARM_GRP_FPVMLX, 937 | ARM_GRP_MULOPS, 938 | ARM_GRP_CRC, 939 | ARM_GRP_DPVFP, 940 | ARM_GRP_V6M, 941 | ARM_GRP_VIRTUALIZATION, 942 | 943 | ARM_GRP_ENDING, 944 | } arm_insn_group; 945 | 946 | #ifdef __cplusplus 947 | } 948 | #endif 949 | 950 | #endif 951 | -------------------------------------------------------------------------------- /capstone/capstone.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ENGINE_H 2 | #define CAPSTONE_ENGINE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2016 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | 13 | #if defined(CAPSTONE_HAS_OSXKERNEL) 14 | #include 15 | #else 16 | #include 17 | #include 18 | #endif 19 | 20 | #include "platform.h" 21 | 22 | #ifdef _MSC_VER 23 | #pragma warning(disable:4201) 24 | #pragma warning(disable:4100) 25 | #define CAPSTONE_API __cdecl 26 | #ifdef CAPSTONE_SHARED 27 | #define CAPSTONE_EXPORT __declspec(dllexport) 28 | #else // defined(CAPSTONE_STATIC) 29 | #define CAPSTONE_EXPORT 30 | #endif 31 | #else 32 | #define CAPSTONE_API 33 | #ifdef __GNUC__ 34 | #define CAPSTONE_EXPORT __attribute__((visibility("default"))) 35 | #else 36 | #define CAPSTONE_EXPORT 37 | #endif 38 | #endif 39 | 40 | #ifdef __GNUC__ 41 | #define CAPSTONE_DEPRECATED __attribute__((deprecated)) 42 | #elif defined(_MSC_VER) 43 | #define CAPSTONE_DEPRECATED __declspec(deprecated) 44 | #else 45 | #pragma message("WARNING: You need to implement CAPSTONE_DEPRECATED for this compiler") 46 | #define CAPSTONE_DEPRECATED 47 | #endif 48 | 49 | // Capstone API version 50 | #define CS_API_MAJOR 4 51 | #define CS_API_MINOR 0 52 | 53 | // Version for bleeding edge code of the Github's "next" branch. 54 | // Use this if you want the absolutely latest developement code. 55 | // This version number will be bumped up whenever we have a new major change. 56 | #define CS_NEXT_VERSION 4 57 | 58 | // Capstone package version 59 | #define CS_VERSION_MAJOR CS_API_MAJOR 60 | #define CS_VERSION_MINOR CS_API_MINOR 61 | #define CS_VERSION_EXTRA 0 62 | 63 | // Macro to create combined version which can be compared to 64 | // result of cs_version() API. 65 | #define CS_MAKE_VERSION(major, minor) ((major << 8) + minor) 66 | 67 | // Maximum size of an instruction mnemonic string. 68 | #define CS_MNEMONIC_SIZE 32 69 | 70 | // Handle using with all API 71 | typedef size_t csh; 72 | 73 | // Architecture type 74 | typedef enum cs_arch 75 | { 76 | CS_ARCH_ARM = 0, // ARM architecture (including Thumb, Thumb-2) 77 | CS_ARCH_ARM64, // ARM-64, also called AArch64 78 | CS_ARCH_MIPS, // Mips architecture 79 | CS_ARCH_X86, // X86 architecture (including x86 & x86-64) 80 | CS_ARCH_PPC, // PowerPC architecture 81 | CS_ARCH_SPARC, // Sparc architecture 82 | CS_ARCH_SYSZ, // SystemZ architecture 83 | CS_ARCH_XCORE, // XCore architecture 84 | CS_ARCH_M68K, // 68K architecture 85 | CS_ARCH_MAX, 86 | CS_ARCH_ALL = 0xFFFF, // All architectures - for cs_support() 87 | } cs_arch; 88 | 89 | // Support value to verify diet mode of the engine. 90 | // If cs_support(CS_SUPPORT_DIET) return True, the engine was compiled 91 | // in diet mode. 92 | #define CS_SUPPORT_DIET (CS_ARCH_ALL + 1) 93 | 94 | // Support value to verify X86 reduce mode of the engine. 95 | // If cs_support(CS_SUPPORT_X86_REDUCE) return True, the engine was compiled 96 | // in X86 reduce mode. 97 | #define CS_SUPPORT_X86_REDUCE (CS_ARCH_ALL + 2) 98 | 99 | // Mode type 100 | typedef enum cs_mode 101 | { 102 | CS_MODE_LITTLE_ENDIAN = 0, // little-endian mode (default mode) 103 | CS_MODE_ARM = 0, // 32-bit ARM 104 | CS_MODE_16 = 1 << 1, // 16-bit mode (X86) 105 | CS_MODE_32 = 1 << 2, // 32-bit mode (X86) 106 | CS_MODE_64 = 1 << 3, // 64-bit mode (X86, PPC) 107 | CS_MODE_THUMB = 1 << 4, // ARM's Thumb mode, including Thumb-2 108 | CS_MODE_MCLASS = 1 << 5, // ARM's Cortex-M series 109 | CS_MODE_V8 = 1 << 6, // ARMv8 A32 encodings for ARM 110 | CS_MODE_MICRO = 1 << 4, // MicroMips mode (MIPS) 111 | CS_MODE_MIPS3 = 1 << 5, // Mips III ISA 112 | CS_MODE_MIPS32R6 = 1 << 6, // Mips32r6 ISA 113 | CS_MODE_V9 = 1 << 4, // SparcV9 mode (Sparc) 114 | CS_MODE_QPX = 1 << 4, // Quad Processing eXtensions mode (PPC) 115 | CS_MODE_M68K_000 = 1 << 1, // M68K 68000 mode 116 | CS_MODE_M68K_010 = 1 << 2, // M68K 68010 mode 117 | CS_MODE_M68K_020 = 1 << 3, // M68K 68020 mode 118 | CS_MODE_M68K_030 = 1 << 4, // M68K 68030 mode 119 | CS_MODE_M68K_040 = 1 << 5, // M68K 68040 mode 120 | CS_MODE_M68K_060 = 1 << 6, // M68K 68060 mode 121 | CS_MODE_BIG_ENDIAN = 1 << 31, // big-endian mode 122 | CS_MODE_MIPS32 = CS_MODE_32, // Mips32 ISA (Mips) 123 | CS_MODE_MIPS64 = CS_MODE_64, // Mips64 ISA (Mips) 124 | } cs_mode; 125 | 126 | typedef void* (CAPSTONE_API* cs_malloc_t)(size_t size); 127 | typedef void* (CAPSTONE_API* cs_calloc_t)(size_t nmemb, size_t size); 128 | typedef void* (CAPSTONE_API* cs_realloc_t)(void* ptr, size_t size); 129 | typedef void (CAPSTONE_API* cs_free_t)(void* ptr); 130 | typedef int (CAPSTONE_API* cs_vsnprintf_t)(char* str, size_t size, const char* format, va_list ap); 131 | 132 | 133 | // User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() 134 | // By default, Capstone uses system's malloc(), calloc(), realloc(), free() & vsnprintf(). 135 | typedef struct cs_opt_mem 136 | { 137 | cs_malloc_t malloc; 138 | cs_calloc_t calloc; 139 | cs_realloc_t realloc; 140 | cs_free_t free; 141 | cs_vsnprintf_t vsnprintf; 142 | } cs_opt_mem; 143 | 144 | // Customize mnemonic for instructions with alternative name. 145 | // To reset existing customized instruction to its default mnemonic, 146 | // call cs_option(CS_OPT_MNEMONIC) again with the same @id and NULL value 147 | // for @mnemonic. 148 | typedef struct cs_opt_mnem 149 | { 150 | // ID of instruction to be customized. 151 | unsigned int id; 152 | // Customized instruction mnemonic. 153 | const char* mnemonic; 154 | } cs_opt_mnem; 155 | 156 | // Runtime option for the disassembled engine 157 | typedef enum cs_opt_type 158 | { 159 | CS_OPT_INVALID = 0, // No option specified 160 | CS_OPT_SYNTAX, // Assembly output syntax 161 | CS_OPT_DETAIL, // Break down instruction structure into details 162 | CS_OPT_MODE, // Change engine's mode at run-time 163 | CS_OPT_MEM, // User-defined dynamic memory related functions 164 | CS_OPT_SKIPDATA, // Skip data when disassembling. Then engine is in SKIPDATA mode. 165 | CS_OPT_SKIPDATA_SETUP, // Setup user-defined function for SKIPDATA option 166 | CS_OPT_MNEMONIC, // Customize instruction mnemonic 167 | CS_OPT_UNSIGNED, // print immediate operands in unsigned form 168 | } cs_opt_type; 169 | 170 | // Runtime option value (associated with option type above) 171 | typedef enum cs_opt_value 172 | { 173 | CS_OPT_OFF = 0, // Turn OFF an option - default for CS_OPT_DETAIL, CS_OPT_SKIPDATA, CS_OPT_UNSIGNED. 174 | CS_OPT_ON = 3, // Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). 175 | CS_OPT_SYNTAX_DEFAULT = 0, // Default asm syntax (CS_OPT_SYNTAX). 176 | CS_OPT_SYNTAX_INTEL, // X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). 177 | CS_OPT_SYNTAX_ATT, // X86 ATT asm syntax (CS_OPT_SYNTAX). 178 | CS_OPT_SYNTAX_NOREGNAME, // Prints register name with only number (CS_OPT_SYNTAX) 179 | CS_OPT_SYNTAX_MASM, // X86 Intel Masm syntax (CS_OPT_SYNTAX). 180 | } cs_opt_value; 181 | 182 | //> Common instruction operand types - to be consistent across all architectures. 183 | typedef enum cs_op_type 184 | { 185 | CS_OP_INVALID = 0, // uninitialized/invalid operand. 186 | CS_OP_REG, // Register operand. 187 | CS_OP_IMM, // Immediate operand. 188 | CS_OP_MEM, // Memory operand. 189 | CS_OP_FP, // Floating-Point operand. 190 | } cs_op_type; 191 | 192 | //> Common instruction operand access types - to be consistent across all architectures. 193 | //> It is possible to combine access types, for example: CS_AC_READ | CS_AC_WRITE 194 | typedef enum cs_ac_type 195 | { 196 | CS_AC_INVALID = 0, // Uninitialized/invalid access type. 197 | CS_AC_READ = 1 << 0, // Operand read from memory or register. 198 | CS_AC_WRITE = 1 << 1, // Operand write to memory or register. 199 | } cs_ac_type; 200 | 201 | //> Common instruction groups - to be consistent across all architectures. 202 | typedef enum cs_group_type 203 | { 204 | CS_GRP_INVALID = 0, // uninitialized/invalid group. 205 | CS_GRP_JUMP, // all jump instructions (conditional+direct+indirect jumps) 206 | CS_GRP_CALL, // all call instructions 207 | CS_GRP_RET, // all return instructions 208 | CS_GRP_INT, // all interrupt instructions (int+syscall) 209 | CS_GRP_IRET, // all interrupt return instructions 210 | CS_GRP_PRIVILEGE, // all privileged instructions 211 | } cs_group_type; 212 | 213 | /* 214 | User-defined callback function for SKIPDATA option. 215 | See tests/test_skipdata.c for sample code demonstrating this API. 216 | 217 | @code: the input buffer containing code to be disassembled. 218 | This is the same buffer passed to cs_disasm(). 219 | @code_size: size (in bytes) of the above @code buffer. 220 | @offset: the position of the currently-examining byte in the input 221 | buffer @code mentioned above. 222 | @user_data: user-data passed to cs_option() via @user_data field in 223 | cs_opt_skipdata struct below. 224 | 225 | @return: return number of bytes to skip, or 0 to immediately stop disassembling. 226 | */ 227 | typedef size_t (CAPSTONE_API* cs_skipdata_cb_t)(const uint8_t* code, size_t code_size, size_t offset, void* user_data); 228 | 229 | // User-customized setup for SKIPDATA option 230 | typedef struct cs_opt_skipdata 231 | { 232 | // Capstone considers data to skip as special "instructions". 233 | // User can specify the string for this instruction's "mnemonic" here. 234 | // By default (if @mnemonic is NULL), Capstone use ".byte". 235 | const char* mnemonic; 236 | 237 | // User-defined callback function to be called when Capstone hits data. 238 | // If the returned value from this callback is positive (>0), Capstone 239 | // will skip exactly that number of bytes & continue. Otherwise, if 240 | // the callback returns 0, Capstone stops disassembling and returns 241 | // immediately from cs_disasm() 242 | // NOTE: if this callback pointer is NULL, Capstone would skip a number 243 | // of bytes depending on architectures, as following: 244 | // Arm: 2 bytes (Thumb mode) or 4 bytes. 245 | // Arm64: 4 bytes. 246 | // Mips: 4 bytes. 247 | // PowerPC: 4 bytes. 248 | // Sparc: 4 bytes. 249 | // SystemZ: 2 bytes. 250 | // X86: 1 bytes. 251 | // XCore: 2 bytes. 252 | cs_skipdata_cb_t callback; // default value is NULL 253 | 254 | // User-defined data to be passed to @callback function pointer. 255 | void* user_data; 256 | } cs_opt_skipdata; 257 | 258 | 259 | #include "arm.h" 260 | #include "arm64.h" 261 | #include "m68k.h" 262 | #include "mips.h" 263 | #include "ppc.h" 264 | #include "sparc.h" 265 | #include "systemz.h" 266 | #include "x86.h" 267 | #include "xcore.h" 268 | 269 | // NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON 270 | typedef struct cs_detail 271 | { 272 | uint16_t regs_read[12]; // list of implicit registers read by this insn 273 | uint8_t regs_read_count; // number of implicit registers read by this insn 274 | 275 | uint16_t regs_write[20]; // list of implicit registers modified by this insn 276 | uint8_t regs_write_count; // number of implicit registers modified by this insn 277 | 278 | uint8_t groups[8]; // list of group this instruction belong to 279 | uint8_t groups_count; // number of groups this insn belongs to 280 | 281 | // Architecture-specific instruction info 282 | union 283 | { 284 | cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 285 | cs_arm64 arm64; // ARM64 architecture (aka AArch64) 286 | cs_arm arm; // ARM architecture (including Thumb/Thumb2) 287 | cs_m68k m68k; // M68K architecture 288 | cs_mips mips; // MIPS architecture 289 | cs_ppc ppc; // PowerPC architecture 290 | cs_sparc sparc; // Sparc architecture 291 | cs_sysz sysz; // SystemZ architecture 292 | cs_xcore xcore; // XCore architecture 293 | }; 294 | } cs_detail; 295 | 296 | // Detail information of disassembled instruction 297 | typedef struct cs_insn 298 | { 299 | // Instruction ID (basically a numeric ID for the instruction mnemonic) 300 | // Find the instruction id in the '[ARCH]_insn' enum in the header file 301 | // of corresponding architecture, such as 'arm_insn' in arm.h for ARM, 302 | // 'x86_insn' in x86.h for X86, etc... 303 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 304 | // NOTE: in Skipdata mode, "data" instruction has 0 for this id field. 305 | unsigned int id; 306 | 307 | // Address (EIP) of this instruction 308 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 309 | uint64_t address; 310 | 311 | // Size of this instruction 312 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 313 | uint16_t size; 314 | 315 | // Machine bytes of this instruction, with number of bytes indicated by @size above 316 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 317 | uint8_t bytes[16]; 318 | 319 | // Ascii text of instruction mnemonic 320 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 321 | char mnemonic[CS_MNEMONIC_SIZE]; 322 | 323 | // Ascii text of instruction operands 324 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 325 | char op_str[160]; 326 | 327 | // Pointer to cs_detail. 328 | // NOTE: detail pointer is only valid when both requirements below are met: 329 | // (1) CS_OP_DETAIL = CS_OPT_ON 330 | // (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) 331 | // 332 | // NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer 333 | // is not NULL, its content is still irrelevant. 334 | cs_detail* detail; 335 | } cs_insn; 336 | 337 | 338 | // Calculate the offset of a disassembled instruction in its buffer, given its position 339 | // in its array of disassembled insn 340 | // NOTE: this macro works with position (>=1), not index 341 | #define CS_INSN_OFFSET(insns, post) (insns[post - 1].address - insns[0].address) 342 | 343 | 344 | // All type of errors encountered by Capstone API. 345 | // These are values returned by cs_errno() 346 | typedef enum cs_err 347 | { 348 | CS_ERR_OK = 0, // No error: everything was fine 349 | CS_ERR_MEM, // Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() 350 | CS_ERR_ARCH, // Unsupported architecture: cs_open() 351 | CS_ERR_HANDLE, // Invalid handle: cs_op_count(), cs_op_index() 352 | CS_ERR_CSH, // Invalid csh argument: cs_close(), cs_errno(), cs_option() 353 | CS_ERR_MODE, // Invalid/unsupported mode: cs_open() 354 | CS_ERR_OPTION, // Invalid/unsupported option: cs_option() 355 | CS_ERR_DETAIL, // Information is unavailable because detail option is OFF 356 | CS_ERR_MEMSETUP, // Dynamic memory management uninitialized (see CS_OPT_MEM) 357 | CS_ERR_VERSION, // Unsupported version (bindings) 358 | CS_ERR_DIET, // Access irrelevant data in "diet" engine 359 | CS_ERR_SKIPDATA, // Access irrelevant data for "data" instruction in SKIPDATA mode 360 | CS_ERR_X86_ATT, // X86 AT&T syntax is unsupported (opt-out at compile time) 361 | CS_ERR_X86_INTEL, // X86 Intel syntax is unsupported (opt-out at compile time) 362 | CS_ERR_X86_MASM, // X86 Intel syntax is unsupported (opt-out at compile time) 363 | } cs_err; 364 | 365 | /* 366 | Return combined API version & major and minor version numbers. 367 | 368 | @major: major number of API version 369 | @minor: minor number of API version 370 | 371 | @return hexical number as (major << 8 | minor), which encodes both 372 | major & minor versions. 373 | NOTE: This returned value can be compared with version number made 374 | with macro CS_MAKE_VERSION 375 | 376 | For example, second API version would return 1 in @major, and 1 in @minor 377 | The return value would be 0x0101 378 | 379 | NOTE: if you only care about returned value, but not major and minor values, 380 | set both @major & @minor arguments to NULL. 381 | */ 382 | CAPSTONE_EXPORT 383 | unsigned int CAPSTONE_API cs_version(int* major, int* minor); 384 | 385 | 386 | /* 387 | This API can be used to either ask for archs supported by this library, 388 | or check to see if the library was compile with 'diet' option (or called 389 | in 'diet' mode). 390 | 391 | To check if a particular arch is supported by this library, set @query to 392 | arch mode (CS_ARCH_* value). 393 | To verify if this library supports all the archs, use CS_ARCH_ALL. 394 | 395 | To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. 396 | 397 | @return True if this library supports the given arch, or in 'diet' mode. 398 | */ 399 | CAPSTONE_EXPORT 400 | bool CAPSTONE_API cs_support(int query); 401 | 402 | /* 403 | Initialize CS handle: this must be done before any usage of CS. 404 | 405 | @arch: architecture type (CS_ARCH_*) 406 | @mode: hardware mode. This is combined of CS_MODE_* 407 | @handle: pointer to handle, which will be updated at return time 408 | 409 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 410 | for detailed error). 411 | */ 412 | CAPSTONE_EXPORT 413 | cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh* handle); 414 | 415 | /* 416 | Close CS handle: MUST do to release the handle when it is not used anymore. 417 | NOTE: this must be only called when there is no longer usage of Capstone, 418 | not even access to cs_insn array. The reason is the this API releases some 419 | cached memory, thus access to any Capstone API after cs_close() might crash 420 | your application. 421 | 422 | In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). 423 | 424 | @handle: pointer to a handle returned by cs_open() 425 | 426 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 427 | for detailed error). 428 | */ 429 | CAPSTONE_EXPORT 430 | cs_err CAPSTONE_API cs_close(csh* handle); 431 | 432 | /* 433 | Set option for disassembling engine at runtime 434 | 435 | @handle: handle returned by cs_open() 436 | @type: type of option to be set 437 | @value: option value corresponding with @type 438 | 439 | @return: CS_ERR_OK on success, or other value on failure. 440 | Refer to cs_err enum for detailed error. 441 | 442 | NOTE: in the case of CS_OPT_MEM, handle's value can be anything, 443 | so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called 444 | even before cs_open() 445 | */ 446 | CAPSTONE_EXPORT 447 | cs_err CAPSTONE_API cs_option(csh handle, cs_opt_type type, size_t value); 448 | 449 | /* 450 | Report the last error number when some API function fail. 451 | Like glibc's errno, cs_errno might not retain its old value once accessed. 452 | 453 | @handle: handle returned by cs_open() 454 | 455 | @return: error code of cs_err enum type (CS_ERR_*, see above) 456 | */ 457 | CAPSTONE_EXPORT 458 | cs_err CAPSTONE_API cs_errno(csh handle); 459 | 460 | 461 | /* 462 | Return a string describing given error code. 463 | 464 | @code: error code (see CS_ERR_* above) 465 | 466 | @return: returns a pointer to a string that describes the error code 467 | passed in the argument @code 468 | */ 469 | CAPSTONE_EXPORT 470 | const char* CAPSTONE_API cs_strerror(cs_err code); 471 | 472 | /* 473 | Disassemble binary code, given the code buffer, size, address and number 474 | of instructions to be decoded. 475 | This API dynamically allocate memory to contain disassembled instruction. 476 | Resulted instructions will be put into @*insn 477 | 478 | NOTE 1: this API will automatically determine memory needed to contain 479 | output disassembled instructions in @insn. 480 | 481 | NOTE 2: caller must free the allocated memory itself to avoid memory leaking. 482 | 483 | NOTE 3: for system with scarce memory to be dynamically allocated such as 484 | OS kernel or firmware, the API cs_disasm_iter() might be a better choice than 485 | cs_disasm(). The reason is that with cs_disasm(), based on limited available 486 | memory, we have to calculate in advance how many instructions to be disassembled, 487 | which complicates things. This is especially troublesome for the case @count=0, 488 | when cs_disasm() runs uncontrollably (until either end of input buffer, or 489 | when it encounters an invalid instruction). 490 | 491 | @handle: handle returned by cs_open() 492 | @code: buffer containing raw binary code to be disassembled. 493 | @code_size: size of the above code buffer. 494 | @address: address of the first instruction in given raw code buffer. 495 | @insn: array of instructions filled in by this API. 496 | NOTE: @insn will be allocated by this function, and should be freed 497 | with cs_free() API. 498 | @count: number of instructions to be disassembled, or 0 to get all of them 499 | 500 | @return: the number of successfully disassembled instructions, 501 | or 0 if this function failed to disassemble the given code 502 | 503 | On failure, call cs_errno() for error code. 504 | */ 505 | CAPSTONE_EXPORT 506 | size_t CAPSTONE_API cs_disasm(csh handle, 507 | const uint8_t* code, size_t code_size, 508 | uint64_t address, 509 | size_t count, 510 | cs_insn** insn); 511 | 512 | /* 513 | Deprecated function - to be retired in the next version! 514 | Use cs_disasm() instead of cs_disasm_ex() 515 | */ 516 | CAPSTONE_EXPORT 517 | CAPSTONE_DEPRECATED 518 | size_t CAPSTONE_API cs_disasm_ex(csh handle, 519 | const uint8_t* code, size_t code_size, 520 | uint64_t address, 521 | size_t count, 522 | cs_insn** insn); 523 | 524 | /* 525 | Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) 526 | 527 | @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() 528 | @count: number of cs_insn structures returned by cs_disasm(), or 1 529 | to free memory allocated by cs_malloc(). 530 | */ 531 | CAPSTONE_EXPORT 532 | void CAPSTONE_API cs_free(cs_insn* insn, size_t count); 533 | 534 | 535 | /* 536 | Allocate memory for 1 instruction to be used by cs_disasm_iter(). 537 | 538 | @handle: handle returned by cs_open() 539 | 540 | NOTE: when no longer in use, you can reclaim the memory allocated for 541 | this instruction with cs_free(insn, 1) 542 | */ 543 | CAPSTONE_EXPORT 544 | cs_insn* CAPSTONE_API cs_malloc(csh handle); 545 | 546 | /* 547 | Fast API to disassemble binary code, given the code buffer, size, address 548 | and number of instructions to be decoded. 549 | This API put the resulted instruction into a given cache in @insn. 550 | See tests/test_iter.c for sample code demonstrating this API. 551 | 552 | NOTE 1: this API will update @code, @size & @address to point to the next 553 | instruction in the input buffer. Therefore, it is convenient to use 554 | cs_disasm_iter() inside a loop to quickly iterate all the instructions. 555 | While decoding one instruction at a time can also be achieved with 556 | cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% 557 | faster on random input. 558 | 559 | NOTE 2: the cache in @insn can be created with cs_malloc() API. 560 | 561 | NOTE 3: for system with scarce memory to be dynamically allocated such as 562 | OS kernel or firmware, this API is recommended over cs_disasm(), which 563 | allocates memory based on the number of instructions to be disassembled. 564 | The reason is that with cs_disasm(), based on limited available memory, 565 | we have to calculate in advance how many instructions to be disassembled, 566 | which complicates things. This is especially troublesome for the case 567 | @count=0, when cs_disasm() runs uncontrollably (until either end of input 568 | buffer, or when it encounters an invalid instruction). 569 | 570 | @handle: handle returned by cs_open() 571 | @code: buffer containing raw binary code to be disassembled 572 | @code_size: size of above code 573 | @address: address of the first insn in given raw code buffer 574 | @insn: pointer to instruction to be filled in by this API. 575 | 576 | @return: true if this API successfully decode 1 instruction, 577 | or false otherwise. 578 | 579 | On failure, call cs_errno() for error code. 580 | */ 581 | CAPSTONE_EXPORT 582 | bool CAPSTONE_API cs_disasm_iter(csh handle, 583 | const uint8_t** code, size_t* size, 584 | uint64_t* address, cs_insn* insn); 585 | 586 | /* 587 | Return friendly name of register in a string. 588 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, 589 | x86.h for X86, ...) 590 | 591 | WARN: when in 'diet' mode, this API is irrelevant because engine does not 592 | store register name. 593 | 594 | @handle: handle returned by cs_open() 595 | @reg_id: register id 596 | 597 | @return: string name of the register, or NULL if @reg_id is invalid. 598 | */ 599 | CAPSTONE_EXPORT 600 | const char* CAPSTONE_API cs_reg_name(csh handle, unsigned int reg_id); 601 | 602 | /* 603 | Return friendly name of an instruction in a string. 604 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 605 | 606 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 607 | store instruction name. 608 | 609 | @handle: handle returned by cs_open() 610 | @insn_id: instruction id 611 | 612 | @return: string name of the instruction, or NULL if @insn_id is invalid. 613 | */ 614 | CAPSTONE_EXPORT 615 | const char* CAPSTONE_API cs_insn_name(csh handle, unsigned int insn_id); 616 | 617 | /* 618 | Return friendly name of a group id (that an instruction can belong to) 619 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 620 | 621 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 622 | store group name. 623 | 624 | @handle: handle returned by cs_open() 625 | @group_id: group id 626 | 627 | @return: string name of the group, or NULL if @group_id is invalid. 628 | */ 629 | CAPSTONE_EXPORT 630 | const char* CAPSTONE_API cs_group_name(csh handle, unsigned int group_id); 631 | 632 | /* 633 | Check if a disassembled instruction belong to a particular group. 634 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 635 | Internally, this simply verifies if @group_id matches any member of insn->groups array. 636 | 637 | NOTE: this API is only valid when detail option is ON (which is OFF by default). 638 | 639 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 640 | update @groups array. 641 | 642 | @handle: handle returned by cs_open() 643 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 644 | @group_id: group that you want to check if this instruction belong to. 645 | 646 | @return: true if this instruction indeed belongs to aboved group, or false otherwise. 647 | */ 648 | CAPSTONE_EXPORT 649 | bool CAPSTONE_API cs_insn_group(csh handle, const cs_insn* insn, unsigned int group_id); 650 | 651 | /* 652 | Check if a disassembled instruction IMPLICITLY used a particular register. 653 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 654 | Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. 655 | 656 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 657 | 658 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 659 | update @regs_read array. 660 | 661 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 662 | @reg_id: register that you want to check if this instruction used it. 663 | 664 | @return: true if this instruction indeed implicitly used aboved register, or false otherwise. 665 | */ 666 | CAPSTONE_EXPORT 667 | bool CAPSTONE_API cs_reg_read(csh handle, const cs_insn* insn, unsigned int reg_id); 668 | 669 | /* 670 | Check if a disassembled instruction IMPLICITLY modified a particular register. 671 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 672 | Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. 673 | 674 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 675 | 676 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 677 | update @regs_write array. 678 | 679 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 680 | @reg_id: register that you want to check if this instruction modified it. 681 | 682 | @return: true if this instruction indeed implicitly modified aboved register, or false otherwise. 683 | */ 684 | CAPSTONE_EXPORT 685 | bool CAPSTONE_API cs_reg_write(csh handle, const cs_insn* insn, unsigned int reg_id); 686 | 687 | /* 688 | Count the number of operands of a given type. 689 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 690 | 691 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 692 | 693 | @handle: handle returned by cs_open() 694 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 695 | @op_type: Operand type to be found. 696 | 697 | @return: number of operands of given type @op_type in instruction @insn, 698 | or -1 on failure. 699 | */ 700 | CAPSTONE_EXPORT 701 | int CAPSTONE_API cs_op_count(csh handle, const cs_insn* insn, unsigned int op_type); 702 | 703 | /* 704 | Retrieve the position of operand of given type in .operands[] array. 705 | Later, the operand can be accessed using the returned position. 706 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 707 | 708 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 709 | 710 | @handle: handle returned by cs_open() 711 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 712 | @op_type: Operand type to be found. 713 | @position: position of the operand to be found. This must be in the range 714 | [1, cs_op_count(handle, insn, op_type)] 715 | 716 | @return: index of operand of given type @op_type in .operands[] array 717 | in instruction @insn, or -1 on failure. 718 | */ 719 | CAPSTONE_EXPORT 720 | int CAPSTONE_API cs_op_index(csh handle, const cs_insn* insn, unsigned int op_type, 721 | unsigned int position); 722 | 723 | // Type of array to keep the list of registers 724 | typedef uint16_t cs_regs[64]; 725 | 726 | /* 727 | Retrieve all the registers accessed by an instruction, either explicitly or 728 | implicitly. 729 | 730 | WARN: when in 'diet' mode, this API is irrelevant because engine does not 731 | store registers. 732 | 733 | @handle: handle returned by cs_open() 734 | @insn: disassembled instruction structure returned from cs_disasm() or cs_disasm_iter() 735 | @regs_read: on return, this array contains all registers read by instruction. 736 | @regs_read_count: number of registers kept inside @regs_read array. 737 | @regs_write: on return, this array contains all registers written by instruction. 738 | @regs_write_count: number of registers kept inside @regs_write array. 739 | 740 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 741 | for detailed error). 742 | */ 743 | CAPSTONE_EXPORT 744 | cs_err CAPSTONE_API cs_regs_access(csh handle, const cs_insn* insn, 745 | cs_regs regs_read, uint8_t* regs_read_count, 746 | cs_regs regs_write, uint8_t* regs_write_count); 747 | 748 | #ifdef __cplusplus 749 | } 750 | #endif 751 | 752 | #endif 753 | -------------------------------------------------------------------------------- /capstone/capstone_x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/capstone_wrapper/578d387f3c89692613990f049317194d70be1c14/capstone/capstone_x64.lib -------------------------------------------------------------------------------- /capstone/capstone_x86.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/x64dbg/capstone_wrapper/578d387f3c89692613990f049317194d70be1c14/capstone/capstone_x86.lib -------------------------------------------------------------------------------- /capstone/m68k.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_M68K_H 2 | #define CAPSTONE_M68K_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Daniel Collin , 2015-2016 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | #ifdef _MSC_VER 14 | #pragma warning(disable:4201) 15 | #endif 16 | 17 | #define M68K_OPERAND_COUNT 4 18 | 19 | //> M68K registers and special registers 20 | typedef enum m68k_reg 21 | { 22 | M68K_REG_INVALID = 0, 23 | 24 | M68K_REG_D0, 25 | M68K_REG_D1, 26 | M68K_REG_D2, 27 | M68K_REG_D3, 28 | M68K_REG_D4, 29 | M68K_REG_D5, 30 | M68K_REG_D6, 31 | M68K_REG_D7, 32 | 33 | M68K_REG_A0, 34 | M68K_REG_A1, 35 | M68K_REG_A2, 36 | M68K_REG_A3, 37 | M68K_REG_A4, 38 | M68K_REG_A5, 39 | M68K_REG_A6, 40 | M68K_REG_A7, 41 | 42 | M68K_REG_FP0, 43 | M68K_REG_FP1, 44 | M68K_REG_FP2, 45 | M68K_REG_FP3, 46 | M68K_REG_FP4, 47 | M68K_REG_FP5, 48 | M68K_REG_FP6, 49 | M68K_REG_FP7, 50 | 51 | M68K_REG_PC, 52 | 53 | M68K_REG_SR, 54 | M68K_REG_CCR, 55 | M68K_REG_SFC, 56 | M68K_REG_DFC, 57 | M68K_REG_USP, 58 | M68K_REG_VBR, 59 | M68K_REG_CACR, 60 | M68K_REG_CAAR, 61 | M68K_REG_MSP, 62 | M68K_REG_ISP, 63 | M68K_REG_TC, 64 | M68K_REG_ITT0, 65 | M68K_REG_ITT1, 66 | M68K_REG_DTT0, 67 | M68K_REG_DTT1, 68 | M68K_REG_MMUSR, 69 | M68K_REG_URP, 70 | M68K_REG_SRP, 71 | 72 | M68K_REG_FPCR, 73 | M68K_REG_FPSR, 74 | M68K_REG_FPIAR, 75 | 76 | M68K_REG_ENDING, // <-- mark the end of the list of registers 77 | } m68k_reg; 78 | 79 | //> M68K Addressing Modes 80 | typedef enum m68k_address_mode 81 | { 82 | M68K_AM_NONE = 0, // No address mode. 83 | 84 | M68K_AM_REG_DIRECT_DATA, // Register Direct - Data 85 | M68K_AM_REG_DIRECT_ADDR, // Register Direct - Address 86 | 87 | M68K_AM_REGI_ADDR, // Register Indirect - Address 88 | M68K_AM_REGI_ADDR_POST_INC, // Register Indirect - Address with Postincrement 89 | M68K_AM_REGI_ADDR_PRE_DEC, // Register Indirect - Address with Predecrement 90 | M68K_AM_REGI_ADDR_DISP, // Register Indirect - Address with Displacement 91 | 92 | M68K_AM_AREGI_INDEX_8_BIT_DISP, // Address Register Indirect With Index- 8-bit displacement 93 | M68K_AM_AREGI_INDEX_BASE_DISP, // Address Register Indirect With Index- Base displacement 94 | 95 | M68K_AM_MEMI_POST_INDEX, // Memory indirect - Postindex 96 | M68K_AM_MEMI_PRE_INDEX, // Memory indirect - Preindex 97 | 98 | M68K_AM_PCI_DISP, // Program Counter Indirect - with Displacement 99 | 100 | M68K_AM_PCI_INDEX_8_BIT_DISP, // Program Counter Indirect with Index - with 8-Bit Displacement 101 | M68K_AM_PCI_INDEX_BASE_DISP, // Program Counter Indirect with Index - with Base Displacement 102 | 103 | M68K_AM_PC_MEMI_POST_INDEX, // Program Counter Memory Indirect - Postindexed 104 | M68K_AM_PC_MEMI_PRE_INDEX, // Program Counter Memory Indirect - Preindexed 105 | 106 | M68K_AM_ABSOLUTE_DATA_SHORT, // Absolute Data Addressing - Short 107 | M68K_AM_ABSOLUTE_DATA_LONG, // Absolute Data Addressing - Long 108 | M68K_AM_IMMEDIATE, // Immediate value 109 | } m68k_address_mode; 110 | 111 | //> Operand type for instruction's operands 112 | typedef enum m68k_op_type 113 | { 114 | M68K_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 115 | M68K_OP_REG, // = CS_OP_REG (Register operand). 116 | M68K_OP_IMM, // = CS_OP_IMM (Immediate operand). 117 | M68K_OP_MEM, // = CS_OP_MEM (Memory operand). 118 | M68K_OP_FP_SINGLE, // single precision Floating-Point operand 119 | M68K_OP_FP_DOUBLE, // double precision Floating-Point operand 120 | M68K_OP_REG_BITS, // Register bits move 121 | M68K_OP_REG_PAIR, // Register pair in the same op (upper 4 bits for first reg, lower for second) 122 | } m68k_op_type; 123 | 124 | // Instruction's operand referring to memory 125 | // This is associated with M68K_OP_MEM operand type above 126 | typedef struct m68k_op_mem 127 | { 128 | m68k_reg base_reg; // base register (or M68K_REG_INVALID if irrelevant) 129 | m68k_reg index_reg; // index register (or M68K_REG_INVALID if irrelevant) 130 | m68k_reg in_base_reg; // indirect base register (or M68K_REG_INVALID if irrelevant) 131 | uint32_t in_disp; // indirect displacement 132 | uint32_t out_disp; // other displacement 133 | int16_t disp; // displacement value 134 | uint8_t scale; // scale for index register 135 | uint8_t bitfield; // set to true if the two values below should be used 136 | uint8_t width; // used for bf* instructions 137 | uint8_t offset; // used for bf* instructions 138 | uint8_t index_size; // 0 = w, 1 = l 139 | } m68k_op_mem; 140 | 141 | // Instruction operand 142 | typedef struct cs_m68k_op 143 | { 144 | union 145 | { 146 | uint64_t imm; // immediate value for IMM operand 147 | double dimm; // double imm 148 | float simm; // float imm 149 | m68k_reg reg; // register value for REG operand 150 | struct // register pair in one operand 151 | { 152 | m68k_reg reg_0; 153 | m68k_reg reg_1; 154 | } reg_pair; 155 | m68k_op_mem mem; // data when operand is targeting memory 156 | uint32_t register_bits; // register bits for movem etc. (always in d0-d7, a0-a7, fp0 - fp7 order) 157 | }; 158 | m68k_op_type type; 159 | m68k_address_mode address_mode; // M68K addressing mode for this op 160 | } cs_m68k_op; 161 | 162 | // Operation size of the CPU instructions 163 | typedef enum m68k_cpu_size 164 | { 165 | M68K_CPU_SIZE_NONE = 0, // unsized or unspecified 166 | M68K_CPU_SIZE_BYTE = 1, // 1 byte in size 167 | M68K_CPU_SIZE_WORD = 2, // 2 bytes in size 168 | M68K_CPU_SIZE_LONG = 4, // 4 bytes in size 169 | } m68k_cpu_size; 170 | 171 | // Operation size of the FPU instructions (Notice that FPU instruction can also use CPU sizes if needed) 172 | typedef enum m68k_fpu_size 173 | { 174 | M68K_FPU_SIZE_NONE = 0, // unsized like fsave/frestore 175 | M68K_FPU_SIZE_SINGLE = 4, // 4 byte in size (single float) 176 | M68K_FPU_SIZE_DOUBLE = 8, // 8 byte in size (double) 177 | M68K_FPU_SIZE_EXTENDED = 12, // 12 byte in size (extended real format) 178 | } m68k_fpu_size; 179 | 180 | // Type of size that is being used for the current instruction 181 | typedef enum m68k_size_type 182 | { 183 | M68K_SIZE_TYPE_INVALID = 0, 184 | 185 | M68K_SIZE_TYPE_CPU, 186 | M68K_SIZE_TYPE_FPU, 187 | } m68k_size_type; 188 | 189 | // Operation size of the current instruction (NOT the actually size of instruction) 190 | typedef struct m68k_op_size 191 | { 192 | m68k_size_type type; 193 | union 194 | { 195 | m68k_cpu_size cpu_size; 196 | m68k_fpu_size fpu_size; 197 | }; 198 | } m68k_op_size; 199 | 200 | // The M68K instruction and it's operands 201 | typedef struct cs_m68k 202 | { 203 | // Number of operands of this instruction or 0 when instruction has no operand. 204 | cs_m68k_op operands[M68K_OPERAND_COUNT]; // operands for this instruction. 205 | m68k_op_size op_size; // size of data operand works on in bytes (.b, .w, .l, etc) 206 | uint8_t op_count; // number of operands for the instruction 207 | } cs_m68k; 208 | 209 | //> M68K instruction 210 | typedef enum m68k_insn 211 | { 212 | M68K_INS_INVALID = 0, 213 | 214 | M68K_INS_ABCD, 215 | M68K_INS_ADD, 216 | M68K_INS_ADDA, 217 | M68K_INS_ADDI, 218 | M68K_INS_ADDQ, 219 | M68K_INS_ADDX, 220 | M68K_INS_AND, 221 | M68K_INS_ANDI, 222 | M68K_INS_ASL, 223 | M68K_INS_ASR, 224 | M68K_INS_BHS, 225 | M68K_INS_BLO, 226 | M68K_INS_BHI, 227 | M68K_INS_BLS, 228 | M68K_INS_BCC, 229 | M68K_INS_BCS, 230 | M68K_INS_BNE, 231 | M68K_INS_BEQ, 232 | M68K_INS_BVC, 233 | M68K_INS_BVS, 234 | M68K_INS_BPL, 235 | M68K_INS_BMI, 236 | M68K_INS_BGE, 237 | M68K_INS_BLT, 238 | M68K_INS_BGT, 239 | M68K_INS_BLE, 240 | M68K_INS_BRA, 241 | M68K_INS_BSR, 242 | M68K_INS_BCHG, 243 | M68K_INS_BCLR, 244 | M68K_INS_BSET, 245 | M68K_INS_BTST, 246 | M68K_INS_BFCHG, 247 | M68K_INS_BFCLR, 248 | M68K_INS_BFEXTS, 249 | M68K_INS_BFEXTU, 250 | M68K_INS_BFFFO, 251 | M68K_INS_BFINS, 252 | M68K_INS_BFSET, 253 | M68K_INS_BFTST, 254 | M68K_INS_BKPT, 255 | M68K_INS_CALLM, 256 | M68K_INS_CAS, 257 | M68K_INS_CAS2, 258 | M68K_INS_CHK, 259 | M68K_INS_CHK2, 260 | M68K_INS_CLR, 261 | M68K_INS_CMP, 262 | M68K_INS_CMPA, 263 | M68K_INS_CMPI, 264 | M68K_INS_CMPM, 265 | M68K_INS_CMP2, 266 | M68K_INS_CINVL, 267 | M68K_INS_CINVP, 268 | M68K_INS_CINVA, 269 | M68K_INS_CPUSHL, 270 | M68K_INS_CPUSHP, 271 | M68K_INS_CPUSHA, 272 | M68K_INS_DBT, 273 | M68K_INS_DBF, 274 | M68K_INS_DBHI, 275 | M68K_INS_DBLS, 276 | M68K_INS_DBCC, 277 | M68K_INS_DBCS, 278 | M68K_INS_DBNE, 279 | M68K_INS_DBEQ, 280 | M68K_INS_DBVC, 281 | M68K_INS_DBVS, 282 | M68K_INS_DBPL, 283 | M68K_INS_DBMI, 284 | M68K_INS_DBGE, 285 | M68K_INS_DBLT, 286 | M68K_INS_DBGT, 287 | M68K_INS_DBLE, 288 | M68K_INS_DBRA, 289 | M68K_INS_DIVS, 290 | M68K_INS_DIVSL, 291 | M68K_INS_DIVU, 292 | M68K_INS_DIVUL, 293 | M68K_INS_EOR, 294 | M68K_INS_EORI, 295 | M68K_INS_EXG, 296 | M68K_INS_EXT, 297 | M68K_INS_EXTB, 298 | M68K_INS_FABS, 299 | M68K_INS_FSABS, 300 | M68K_INS_FDABS, 301 | M68K_INS_FACOS, 302 | M68K_INS_FADD, 303 | M68K_INS_FSADD, 304 | M68K_INS_FDADD, 305 | M68K_INS_FASIN, 306 | M68K_INS_FATAN, 307 | M68K_INS_FATANH, 308 | M68K_INS_FBF, 309 | M68K_INS_FBEQ, 310 | M68K_INS_FBOGT, 311 | M68K_INS_FBOGE, 312 | M68K_INS_FBOLT, 313 | M68K_INS_FBOLE, 314 | M68K_INS_FBOGL, 315 | M68K_INS_FBOR, 316 | M68K_INS_FBUN, 317 | M68K_INS_FBUEQ, 318 | M68K_INS_FBUGT, 319 | M68K_INS_FBUGE, 320 | M68K_INS_FBULT, 321 | M68K_INS_FBULE, 322 | M68K_INS_FBNE, 323 | M68K_INS_FBT, 324 | M68K_INS_FBSF, 325 | M68K_INS_FBSEQ, 326 | M68K_INS_FBGT, 327 | M68K_INS_FBGE, 328 | M68K_INS_FBLT, 329 | M68K_INS_FBLE, 330 | M68K_INS_FBGL, 331 | M68K_INS_FBGLE, 332 | M68K_INS_FBNGLE, 333 | M68K_INS_FBNGL, 334 | M68K_INS_FBNLE, 335 | M68K_INS_FBNLT, 336 | M68K_INS_FBNGE, 337 | M68K_INS_FBNGT, 338 | M68K_INS_FBSNE, 339 | M68K_INS_FBST, 340 | M68K_INS_FCMP, 341 | M68K_INS_FCOS, 342 | M68K_INS_FCOSH, 343 | M68K_INS_FDBF, 344 | M68K_INS_FDBEQ, 345 | M68K_INS_FDBOGT, 346 | M68K_INS_FDBOGE, 347 | M68K_INS_FDBOLT, 348 | M68K_INS_FDBOLE, 349 | M68K_INS_FDBOGL, 350 | M68K_INS_FDBOR, 351 | M68K_INS_FDBUN, 352 | M68K_INS_FDBUEQ, 353 | M68K_INS_FDBUGT, 354 | M68K_INS_FDBUGE, 355 | M68K_INS_FDBULT, 356 | M68K_INS_FDBULE, 357 | M68K_INS_FDBNE, 358 | M68K_INS_FDBT, 359 | M68K_INS_FDBSF, 360 | M68K_INS_FDBSEQ, 361 | M68K_INS_FDBGT, 362 | M68K_INS_FDBGE, 363 | M68K_INS_FDBLT, 364 | M68K_INS_FDBLE, 365 | M68K_INS_FDBGL, 366 | M68K_INS_FDBGLE, 367 | M68K_INS_FDBNGLE, 368 | M68K_INS_FDBNGL, 369 | M68K_INS_FDBNLE, 370 | M68K_INS_FDBNLT, 371 | M68K_INS_FDBNGE, 372 | M68K_INS_FDBNGT, 373 | M68K_INS_FDBSNE, 374 | M68K_INS_FDBST, 375 | M68K_INS_FDIV, 376 | M68K_INS_FSDIV, 377 | M68K_INS_FDDIV, 378 | M68K_INS_FETOX, 379 | M68K_INS_FETOXM1, 380 | M68K_INS_FGETEXP, 381 | M68K_INS_FGETMAN, 382 | M68K_INS_FINT, 383 | M68K_INS_FINTRZ, 384 | M68K_INS_FLOG10, 385 | M68K_INS_FLOG2, 386 | M68K_INS_FLOGN, 387 | M68K_INS_FLOGNP1, 388 | M68K_INS_FMOD, 389 | M68K_INS_FMOVE, 390 | M68K_INS_FSMOVE, 391 | M68K_INS_FDMOVE, 392 | M68K_INS_FMOVECR, 393 | M68K_INS_FMOVEM, 394 | M68K_INS_FMUL, 395 | M68K_INS_FSMUL, 396 | M68K_INS_FDMUL, 397 | M68K_INS_FNEG, 398 | M68K_INS_FSNEG, 399 | M68K_INS_FDNEG, 400 | M68K_INS_FNOP, 401 | M68K_INS_FREM, 402 | M68K_INS_FRESTORE, 403 | M68K_INS_FSAVE, 404 | M68K_INS_FSCALE, 405 | M68K_INS_FSGLDIV, 406 | M68K_INS_FSGLMUL, 407 | M68K_INS_FSIN, 408 | M68K_INS_FSINCOS, 409 | M68K_INS_FSINH, 410 | M68K_INS_FSQRT, 411 | M68K_INS_FSSQRT, 412 | M68K_INS_FDSQRT, 413 | M68K_INS_FSF, 414 | M68K_INS_FSBEQ, 415 | M68K_INS_FSOGT, 416 | M68K_INS_FSOGE, 417 | M68K_INS_FSOLT, 418 | M68K_INS_FSOLE, 419 | M68K_INS_FSOGL, 420 | M68K_INS_FSOR, 421 | M68K_INS_FSUN, 422 | M68K_INS_FSUEQ, 423 | M68K_INS_FSUGT, 424 | M68K_INS_FSUGE, 425 | M68K_INS_FSULT, 426 | M68K_INS_FSULE, 427 | M68K_INS_FSNE, 428 | M68K_INS_FST, 429 | M68K_INS_FSSF, 430 | M68K_INS_FSSEQ, 431 | M68K_INS_FSGT, 432 | M68K_INS_FSGE, 433 | M68K_INS_FSLT, 434 | M68K_INS_FSLE, 435 | M68K_INS_FSGL, 436 | M68K_INS_FSGLE, 437 | M68K_INS_FSNGLE, 438 | M68K_INS_FSNGL, 439 | M68K_INS_FSNLE, 440 | M68K_INS_FSNLT, 441 | M68K_INS_FSNGE, 442 | M68K_INS_FSNGT, 443 | M68K_INS_FSSNE, 444 | M68K_INS_FSST, 445 | M68K_INS_FSUB, 446 | M68K_INS_FSSUB, 447 | M68K_INS_FDSUB, 448 | M68K_INS_FTAN, 449 | M68K_INS_FTANH, 450 | M68K_INS_FTENTOX, 451 | M68K_INS_FTRAPF, 452 | M68K_INS_FTRAPEQ, 453 | M68K_INS_FTRAPOGT, 454 | M68K_INS_FTRAPOGE, 455 | M68K_INS_FTRAPOLT, 456 | M68K_INS_FTRAPOLE, 457 | M68K_INS_FTRAPOGL, 458 | M68K_INS_FTRAPOR, 459 | M68K_INS_FTRAPUN, 460 | M68K_INS_FTRAPUEQ, 461 | M68K_INS_FTRAPUGT, 462 | M68K_INS_FTRAPUGE, 463 | M68K_INS_FTRAPULT, 464 | M68K_INS_FTRAPULE, 465 | M68K_INS_FTRAPNE, 466 | M68K_INS_FTRAPT, 467 | M68K_INS_FTRAPSF, 468 | M68K_INS_FTRAPSEQ, 469 | M68K_INS_FTRAPGT, 470 | M68K_INS_FTRAPGE, 471 | M68K_INS_FTRAPLT, 472 | M68K_INS_FTRAPLE, 473 | M68K_INS_FTRAPGL, 474 | M68K_INS_FTRAPGLE, 475 | M68K_INS_FTRAPNGLE, 476 | M68K_INS_FTRAPNGL, 477 | M68K_INS_FTRAPNLE, 478 | M68K_INS_FTRAPNLT, 479 | M68K_INS_FTRAPNGE, 480 | M68K_INS_FTRAPNGT, 481 | M68K_INS_FTRAPSNE, 482 | M68K_INS_FTRAPST, 483 | M68K_INS_FTST, 484 | M68K_INS_FTWOTOX, 485 | M68K_INS_HALT, 486 | M68K_INS_ILLEGAL, 487 | M68K_INS_JMP, 488 | M68K_INS_JSR, 489 | M68K_INS_LEA, 490 | M68K_INS_LINK, 491 | M68K_INS_LPSTOP, 492 | M68K_INS_LSL, 493 | M68K_INS_LSR, 494 | M68K_INS_MOVE, 495 | M68K_INS_MOVEA, 496 | M68K_INS_MOVEC, 497 | M68K_INS_MOVEM, 498 | M68K_INS_MOVEP, 499 | M68K_INS_MOVEQ, 500 | M68K_INS_MOVES, 501 | M68K_INS_MOVE16, 502 | M68K_INS_MULS, 503 | M68K_INS_MULU, 504 | M68K_INS_NBCD, 505 | M68K_INS_NEG, 506 | M68K_INS_NEGX, 507 | M68K_INS_NOP, 508 | M68K_INS_NOT, 509 | M68K_INS_OR, 510 | M68K_INS_ORI, 511 | M68K_INS_PACK, 512 | M68K_INS_PEA, 513 | M68K_INS_PFLUSH, 514 | M68K_INS_PFLUSHA, 515 | M68K_INS_PFLUSHAN, 516 | M68K_INS_PFLUSHN, 517 | M68K_INS_PLOADR, 518 | M68K_INS_PLOADW, 519 | M68K_INS_PLPAR, 520 | M68K_INS_PLPAW, 521 | M68K_INS_PMOVE, 522 | M68K_INS_PMOVEFD, 523 | M68K_INS_PTESTR, 524 | M68K_INS_PTESTW, 525 | M68K_INS_PULSE, 526 | M68K_INS_REMS, 527 | M68K_INS_REMU, 528 | M68K_INS_RESET, 529 | M68K_INS_ROL, 530 | M68K_INS_ROR, 531 | M68K_INS_ROXL, 532 | M68K_INS_ROXR, 533 | M68K_INS_RTD, 534 | M68K_INS_RTE, 535 | M68K_INS_RTM, 536 | M68K_INS_RTR, 537 | M68K_INS_RTS, 538 | M68K_INS_SBCD, 539 | M68K_INS_ST, 540 | M68K_INS_SF, 541 | M68K_INS_SHI, 542 | M68K_INS_SLS, 543 | M68K_INS_SCC, 544 | M68K_INS_SHS, 545 | M68K_INS_SCS, 546 | M68K_INS_SLO, 547 | M68K_INS_SNE, 548 | M68K_INS_SEQ, 549 | M68K_INS_SVC, 550 | M68K_INS_SVS, 551 | M68K_INS_SPL, 552 | M68K_INS_SMI, 553 | M68K_INS_SGE, 554 | M68K_INS_SLT, 555 | M68K_INS_SGT, 556 | M68K_INS_SLE, 557 | M68K_INS_STOP, 558 | M68K_INS_SUB, 559 | M68K_INS_SUBA, 560 | M68K_INS_SUBI, 561 | M68K_INS_SUBQ, 562 | M68K_INS_SUBX, 563 | M68K_INS_SWAP, 564 | M68K_INS_TAS, 565 | M68K_INS_TRAP, 566 | M68K_INS_TRAPV, 567 | M68K_INS_TRAPT, 568 | M68K_INS_TRAPF, 569 | M68K_INS_TRAPHI, 570 | M68K_INS_TRAPLS, 571 | M68K_INS_TRAPCC, 572 | M68K_INS_TRAPHS, 573 | M68K_INS_TRAPCS, 574 | M68K_INS_TRAPLO, 575 | M68K_INS_TRAPNE, 576 | M68K_INS_TRAPEQ, 577 | M68K_INS_TRAPVC, 578 | M68K_INS_TRAPVS, 579 | M68K_INS_TRAPPL, 580 | M68K_INS_TRAPMI, 581 | M68K_INS_TRAPGE, 582 | M68K_INS_TRAPLT, 583 | M68K_INS_TRAPGT, 584 | M68K_INS_TRAPLE, 585 | M68K_INS_TST, 586 | M68K_INS_UNLK, 587 | M68K_INS_UNPK, 588 | M68K_INS_ENDING, // <-- mark the end of the list of instructions 589 | 590 | } m68k_insn; 591 | 592 | //> Group of M68K instructions 593 | typedef enum m68k_group_type 594 | { 595 | M68K_GRP_INVALID = 0, // CS_GRUP_INVALID 596 | M68K_GRP_JUMP, // = CS_GRP_JUMP 597 | M68K_GRP_RET = 3, // = CS_GRP_RET 598 | M68K_GRP_IRET = 5, // = CS_GRP_IRET 599 | 600 | M68K_GRP_ENDING,// <-- mark the end of the list of groups 601 | } m68k_group_type; 602 | 603 | #ifdef __cplusplus 604 | } 605 | #endif 606 | 607 | #endif 608 | -------------------------------------------------------------------------------- /capstone/mips.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_MIPS_H 2 | #define CAPSTONE_MIPS_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | // GCC MIPS toolchain has a default macro called "mips" which breaks 14 | // compilation 15 | #undef mips 16 | 17 | #ifdef _MSC_VER 18 | #pragma warning(disable:4201) 19 | #endif 20 | 21 | //> Operand type for instruction's operands 22 | typedef enum mips_op_type 23 | { 24 | MIPS_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 25 | MIPS_OP_REG, // = CS_OP_REG (Register operand). 26 | MIPS_OP_IMM, // = CS_OP_IMM (Immediate operand). 27 | MIPS_OP_MEM, // = CS_OP_MEM (Memory operand). 28 | } mips_op_type; 29 | 30 | //> MIPS registers 31 | typedef enum mips_reg 32 | { 33 | MIPS_REG_INVALID = 0, 34 | //> General purpose registers 35 | MIPS_REG_PC, 36 | 37 | MIPS_REG_0, 38 | MIPS_REG_1, 39 | MIPS_REG_2, 40 | MIPS_REG_3, 41 | MIPS_REG_4, 42 | MIPS_REG_5, 43 | MIPS_REG_6, 44 | MIPS_REG_7, 45 | MIPS_REG_8, 46 | MIPS_REG_9, 47 | MIPS_REG_10, 48 | MIPS_REG_11, 49 | MIPS_REG_12, 50 | MIPS_REG_13, 51 | MIPS_REG_14, 52 | MIPS_REG_15, 53 | MIPS_REG_16, 54 | MIPS_REG_17, 55 | MIPS_REG_18, 56 | MIPS_REG_19, 57 | MIPS_REG_20, 58 | MIPS_REG_21, 59 | MIPS_REG_22, 60 | MIPS_REG_23, 61 | MIPS_REG_24, 62 | MIPS_REG_25, 63 | MIPS_REG_26, 64 | MIPS_REG_27, 65 | MIPS_REG_28, 66 | MIPS_REG_29, 67 | MIPS_REG_30, 68 | MIPS_REG_31, 69 | 70 | //> DSP registers 71 | MIPS_REG_DSPCCOND, 72 | MIPS_REG_DSPCARRY, 73 | MIPS_REG_DSPEFI, 74 | MIPS_REG_DSPOUTFLAG, 75 | MIPS_REG_DSPOUTFLAG16_19, 76 | MIPS_REG_DSPOUTFLAG20, 77 | MIPS_REG_DSPOUTFLAG21, 78 | MIPS_REG_DSPOUTFLAG22, 79 | MIPS_REG_DSPOUTFLAG23, 80 | MIPS_REG_DSPPOS, 81 | MIPS_REG_DSPSCOUNT, 82 | 83 | //> ACC registers 84 | MIPS_REG_AC0, 85 | MIPS_REG_AC1, 86 | MIPS_REG_AC2, 87 | MIPS_REG_AC3, 88 | 89 | //> COP registers 90 | MIPS_REG_CC0, 91 | MIPS_REG_CC1, 92 | MIPS_REG_CC2, 93 | MIPS_REG_CC3, 94 | MIPS_REG_CC4, 95 | MIPS_REG_CC5, 96 | MIPS_REG_CC6, 97 | MIPS_REG_CC7, 98 | 99 | //> FPU registers 100 | MIPS_REG_F0, 101 | MIPS_REG_F1, 102 | MIPS_REG_F2, 103 | MIPS_REG_F3, 104 | MIPS_REG_F4, 105 | MIPS_REG_F5, 106 | MIPS_REG_F6, 107 | MIPS_REG_F7, 108 | MIPS_REG_F8, 109 | MIPS_REG_F9, 110 | MIPS_REG_F10, 111 | MIPS_REG_F11, 112 | MIPS_REG_F12, 113 | MIPS_REG_F13, 114 | MIPS_REG_F14, 115 | MIPS_REG_F15, 116 | MIPS_REG_F16, 117 | MIPS_REG_F17, 118 | MIPS_REG_F18, 119 | MIPS_REG_F19, 120 | MIPS_REG_F20, 121 | MIPS_REG_F21, 122 | MIPS_REG_F22, 123 | MIPS_REG_F23, 124 | MIPS_REG_F24, 125 | MIPS_REG_F25, 126 | MIPS_REG_F26, 127 | MIPS_REG_F27, 128 | MIPS_REG_F28, 129 | MIPS_REG_F29, 130 | MIPS_REG_F30, 131 | MIPS_REG_F31, 132 | 133 | MIPS_REG_FCC0, 134 | MIPS_REG_FCC1, 135 | MIPS_REG_FCC2, 136 | MIPS_REG_FCC3, 137 | MIPS_REG_FCC4, 138 | MIPS_REG_FCC5, 139 | MIPS_REG_FCC6, 140 | MIPS_REG_FCC7, 141 | 142 | //> AFPR128 143 | MIPS_REG_W0, 144 | MIPS_REG_W1, 145 | MIPS_REG_W2, 146 | MIPS_REG_W3, 147 | MIPS_REG_W4, 148 | MIPS_REG_W5, 149 | MIPS_REG_W6, 150 | MIPS_REG_W7, 151 | MIPS_REG_W8, 152 | MIPS_REG_W9, 153 | MIPS_REG_W10, 154 | MIPS_REG_W11, 155 | MIPS_REG_W12, 156 | MIPS_REG_W13, 157 | MIPS_REG_W14, 158 | MIPS_REG_W15, 159 | MIPS_REG_W16, 160 | MIPS_REG_W17, 161 | MIPS_REG_W18, 162 | MIPS_REG_W19, 163 | MIPS_REG_W20, 164 | MIPS_REG_W21, 165 | MIPS_REG_W22, 166 | MIPS_REG_W23, 167 | MIPS_REG_W24, 168 | MIPS_REG_W25, 169 | MIPS_REG_W26, 170 | MIPS_REG_W27, 171 | MIPS_REG_W28, 172 | MIPS_REG_W29, 173 | MIPS_REG_W30, 174 | MIPS_REG_W31, 175 | 176 | MIPS_REG_HI, 177 | MIPS_REG_LO, 178 | 179 | MIPS_REG_P0, 180 | MIPS_REG_P1, 181 | MIPS_REG_P2, 182 | 183 | MIPS_REG_MPL0, 184 | MIPS_REG_MPL1, 185 | MIPS_REG_MPL2, 186 | 187 | MIPS_REG_ENDING, // <-- mark the end of the list or registers 188 | 189 | // alias registers 190 | MIPS_REG_ZERO = MIPS_REG_0, 191 | MIPS_REG_AT = MIPS_REG_1, 192 | MIPS_REG_V0 = MIPS_REG_2, 193 | MIPS_REG_V1 = MIPS_REG_3, 194 | MIPS_REG_A0 = MIPS_REG_4, 195 | MIPS_REG_A1 = MIPS_REG_5, 196 | MIPS_REG_A2 = MIPS_REG_6, 197 | MIPS_REG_A3 = MIPS_REG_7, 198 | MIPS_REG_T0 = MIPS_REG_8, 199 | MIPS_REG_T1 = MIPS_REG_9, 200 | MIPS_REG_T2 = MIPS_REG_10, 201 | MIPS_REG_T3 = MIPS_REG_11, 202 | MIPS_REG_T4 = MIPS_REG_12, 203 | MIPS_REG_T5 = MIPS_REG_13, 204 | MIPS_REG_T6 = MIPS_REG_14, 205 | MIPS_REG_T7 = MIPS_REG_15, 206 | MIPS_REG_S0 = MIPS_REG_16, 207 | MIPS_REG_S1 = MIPS_REG_17, 208 | MIPS_REG_S2 = MIPS_REG_18, 209 | MIPS_REG_S3 = MIPS_REG_19, 210 | MIPS_REG_S4 = MIPS_REG_20, 211 | MIPS_REG_S5 = MIPS_REG_21, 212 | MIPS_REG_S6 = MIPS_REG_22, 213 | MIPS_REG_S7 = MIPS_REG_23, 214 | MIPS_REG_T8 = MIPS_REG_24, 215 | MIPS_REG_T9 = MIPS_REG_25, 216 | MIPS_REG_K0 = MIPS_REG_26, 217 | MIPS_REG_K1 = MIPS_REG_27, 218 | MIPS_REG_GP = MIPS_REG_28, 219 | MIPS_REG_SP = MIPS_REG_29, 220 | MIPS_REG_FP = MIPS_REG_30, MIPS_REG_S8 = MIPS_REG_30, 221 | MIPS_REG_RA = MIPS_REG_31, 222 | 223 | MIPS_REG_HI0 = MIPS_REG_AC0, 224 | MIPS_REG_HI1 = MIPS_REG_AC1, 225 | MIPS_REG_HI2 = MIPS_REG_AC2, 226 | MIPS_REG_HI3 = MIPS_REG_AC3, 227 | 228 | MIPS_REG_LO0 = MIPS_REG_HI0, 229 | MIPS_REG_LO1 = MIPS_REG_HI1, 230 | MIPS_REG_LO2 = MIPS_REG_HI2, 231 | MIPS_REG_LO3 = MIPS_REG_HI3, 232 | } mips_reg; 233 | 234 | // Instruction's operand referring to memory 235 | // This is associated with MIPS_OP_MEM operand type above 236 | typedef struct mips_op_mem 237 | { 238 | mips_reg base; // base register 239 | int64_t disp; // displacement/offset value 240 | } mips_op_mem; 241 | 242 | // Instruction operand 243 | typedef struct cs_mips_op 244 | { 245 | mips_op_type type; // operand type 246 | union 247 | { 248 | mips_reg reg; // register value for REG operand 249 | int64_t imm; // immediate value for IMM operand 250 | mips_op_mem mem; // base/index/scale/disp value for MEM operand 251 | }; 252 | } cs_mips_op; 253 | 254 | // Instruction structure 255 | typedef struct cs_mips 256 | { 257 | // Number of operands of this instruction, 258 | // or 0 when instruction has no operand. 259 | uint8_t op_count; 260 | cs_mips_op operands[8]; // operands for this instruction. 261 | } cs_mips; 262 | 263 | //> MIPS instruction 264 | typedef enum mips_insn 265 | { 266 | MIPS_INS_INVALID = 0, 267 | 268 | MIPS_INS_ABSQ_S, 269 | MIPS_INS_ADD, 270 | MIPS_INS_ADDIUPC, 271 | MIPS_INS_ADDIUR1SP, 272 | MIPS_INS_ADDIUR2, 273 | MIPS_INS_ADDIUS5, 274 | MIPS_INS_ADDIUSP, 275 | MIPS_INS_ADDQH, 276 | MIPS_INS_ADDQH_R, 277 | MIPS_INS_ADDQ, 278 | MIPS_INS_ADDQ_S, 279 | MIPS_INS_ADDSC, 280 | MIPS_INS_ADDS_A, 281 | MIPS_INS_ADDS_S, 282 | MIPS_INS_ADDS_U, 283 | MIPS_INS_ADDU16, 284 | MIPS_INS_ADDUH, 285 | MIPS_INS_ADDUH_R, 286 | MIPS_INS_ADDU, 287 | MIPS_INS_ADDU_S, 288 | MIPS_INS_ADDVI, 289 | MIPS_INS_ADDV, 290 | MIPS_INS_ADDWC, 291 | MIPS_INS_ADD_A, 292 | MIPS_INS_ADDI, 293 | MIPS_INS_ADDIU, 294 | MIPS_INS_ALIGN, 295 | MIPS_INS_ALUIPC, 296 | MIPS_INS_AND, 297 | MIPS_INS_AND16, 298 | MIPS_INS_ANDI16, 299 | MIPS_INS_ANDI, 300 | MIPS_INS_APPEND, 301 | MIPS_INS_ASUB_S, 302 | MIPS_INS_ASUB_U, 303 | MIPS_INS_AUI, 304 | MIPS_INS_AUIPC, 305 | MIPS_INS_AVER_S, 306 | MIPS_INS_AVER_U, 307 | MIPS_INS_AVE_S, 308 | MIPS_INS_AVE_U, 309 | MIPS_INS_B16, 310 | MIPS_INS_BADDU, 311 | MIPS_INS_BAL, 312 | MIPS_INS_BALC, 313 | MIPS_INS_BALIGN, 314 | MIPS_INS_BBIT0, 315 | MIPS_INS_BBIT032, 316 | MIPS_INS_BBIT1, 317 | MIPS_INS_BBIT132, 318 | MIPS_INS_BC, 319 | MIPS_INS_BC0F, 320 | MIPS_INS_BC0FL, 321 | MIPS_INS_BC0T, 322 | MIPS_INS_BC0TL, 323 | MIPS_INS_BC1EQZ, 324 | MIPS_INS_BC1F, 325 | MIPS_INS_BC1FL, 326 | MIPS_INS_BC1NEZ, 327 | MIPS_INS_BC1T, 328 | MIPS_INS_BC1TL, 329 | MIPS_INS_BC2EQZ, 330 | MIPS_INS_BC2F, 331 | MIPS_INS_BC2FL, 332 | MIPS_INS_BC2NEZ, 333 | MIPS_INS_BC2T, 334 | MIPS_INS_BC2TL, 335 | MIPS_INS_BC3F, 336 | MIPS_INS_BC3FL, 337 | MIPS_INS_BC3T, 338 | MIPS_INS_BC3TL, 339 | MIPS_INS_BCLRI, 340 | MIPS_INS_BCLR, 341 | MIPS_INS_BEQ, 342 | MIPS_INS_BEQC, 343 | MIPS_INS_BEQL, 344 | MIPS_INS_BEQZ16, 345 | MIPS_INS_BEQZALC, 346 | MIPS_INS_BEQZC, 347 | MIPS_INS_BGEC, 348 | MIPS_INS_BGEUC, 349 | MIPS_INS_BGEZ, 350 | MIPS_INS_BGEZAL, 351 | MIPS_INS_BGEZALC, 352 | MIPS_INS_BGEZALL, 353 | MIPS_INS_BGEZALS, 354 | MIPS_INS_BGEZC, 355 | MIPS_INS_BGEZL, 356 | MIPS_INS_BGTZ, 357 | MIPS_INS_BGTZALC, 358 | MIPS_INS_BGTZC, 359 | MIPS_INS_BGTZL, 360 | MIPS_INS_BINSLI, 361 | MIPS_INS_BINSL, 362 | MIPS_INS_BINSRI, 363 | MIPS_INS_BINSR, 364 | MIPS_INS_BITREV, 365 | MIPS_INS_BITSWAP, 366 | MIPS_INS_BLEZ, 367 | MIPS_INS_BLEZALC, 368 | MIPS_INS_BLEZC, 369 | MIPS_INS_BLEZL, 370 | MIPS_INS_BLTC, 371 | MIPS_INS_BLTUC, 372 | MIPS_INS_BLTZ, 373 | MIPS_INS_BLTZAL, 374 | MIPS_INS_BLTZALC, 375 | MIPS_INS_BLTZALL, 376 | MIPS_INS_BLTZALS, 377 | MIPS_INS_BLTZC, 378 | MIPS_INS_BLTZL, 379 | MIPS_INS_BMNZI, 380 | MIPS_INS_BMNZ, 381 | MIPS_INS_BMZI, 382 | MIPS_INS_BMZ, 383 | MIPS_INS_BNE, 384 | MIPS_INS_BNEC, 385 | MIPS_INS_BNEGI, 386 | MIPS_INS_BNEG, 387 | MIPS_INS_BNEL, 388 | MIPS_INS_BNEZ16, 389 | MIPS_INS_BNEZALC, 390 | MIPS_INS_BNEZC, 391 | MIPS_INS_BNVC, 392 | MIPS_INS_BNZ, 393 | MIPS_INS_BOVC, 394 | MIPS_INS_BPOSGE32, 395 | MIPS_INS_BREAK, 396 | MIPS_INS_BREAK16, 397 | MIPS_INS_BSELI, 398 | MIPS_INS_BSEL, 399 | MIPS_INS_BSETI, 400 | MIPS_INS_BSET, 401 | MIPS_INS_BZ, 402 | MIPS_INS_BEQZ, 403 | MIPS_INS_B, 404 | MIPS_INS_BNEZ, 405 | MIPS_INS_BTEQZ, 406 | MIPS_INS_BTNEZ, 407 | MIPS_INS_CACHE, 408 | MIPS_INS_CEIL, 409 | MIPS_INS_CEQI, 410 | MIPS_INS_CEQ, 411 | MIPS_INS_CFC1, 412 | MIPS_INS_CFCMSA, 413 | MIPS_INS_CINS, 414 | MIPS_INS_CINS32, 415 | MIPS_INS_CLASS, 416 | MIPS_INS_CLEI_S, 417 | MIPS_INS_CLEI_U, 418 | MIPS_INS_CLE_S, 419 | MIPS_INS_CLE_U, 420 | MIPS_INS_CLO, 421 | MIPS_INS_CLTI_S, 422 | MIPS_INS_CLTI_U, 423 | MIPS_INS_CLT_S, 424 | MIPS_INS_CLT_U, 425 | MIPS_INS_CLZ, 426 | MIPS_INS_CMPGDU, 427 | MIPS_INS_CMPGU, 428 | MIPS_INS_CMPU, 429 | MIPS_INS_CMP, 430 | MIPS_INS_COPY_S, 431 | MIPS_INS_COPY_U, 432 | MIPS_INS_CTC1, 433 | MIPS_INS_CTCMSA, 434 | MIPS_INS_CVT, 435 | MIPS_INS_C, 436 | MIPS_INS_CMPI, 437 | MIPS_INS_DADD, 438 | MIPS_INS_DADDI, 439 | MIPS_INS_DADDIU, 440 | MIPS_INS_DADDU, 441 | MIPS_INS_DAHI, 442 | MIPS_INS_DALIGN, 443 | MIPS_INS_DATI, 444 | MIPS_INS_DAUI, 445 | MIPS_INS_DBITSWAP, 446 | MIPS_INS_DCLO, 447 | MIPS_INS_DCLZ, 448 | MIPS_INS_DDIV, 449 | MIPS_INS_DDIVU, 450 | MIPS_INS_DERET, 451 | MIPS_INS_DEXT, 452 | MIPS_INS_DEXTM, 453 | MIPS_INS_DEXTU, 454 | MIPS_INS_DI, 455 | MIPS_INS_DINS, 456 | MIPS_INS_DINSM, 457 | MIPS_INS_DINSU, 458 | MIPS_INS_DIV, 459 | MIPS_INS_DIVU, 460 | MIPS_INS_DIV_S, 461 | MIPS_INS_DIV_U, 462 | MIPS_INS_DLSA, 463 | MIPS_INS_DMFC0, 464 | MIPS_INS_DMFC1, 465 | MIPS_INS_DMFC2, 466 | MIPS_INS_DMOD, 467 | MIPS_INS_DMODU, 468 | MIPS_INS_DMTC0, 469 | MIPS_INS_DMTC1, 470 | MIPS_INS_DMTC2, 471 | MIPS_INS_DMUH, 472 | MIPS_INS_DMUHU, 473 | MIPS_INS_DMUL, 474 | MIPS_INS_DMULT, 475 | MIPS_INS_DMULTU, 476 | MIPS_INS_DMULU, 477 | MIPS_INS_DOTP_S, 478 | MIPS_INS_DOTP_U, 479 | MIPS_INS_DPADD_S, 480 | MIPS_INS_DPADD_U, 481 | MIPS_INS_DPAQX_SA, 482 | MIPS_INS_DPAQX_S, 483 | MIPS_INS_DPAQ_SA, 484 | MIPS_INS_DPAQ_S, 485 | MIPS_INS_DPAU, 486 | MIPS_INS_DPAX, 487 | MIPS_INS_DPA, 488 | MIPS_INS_DPOP, 489 | MIPS_INS_DPSQX_SA, 490 | MIPS_INS_DPSQX_S, 491 | MIPS_INS_DPSQ_SA, 492 | MIPS_INS_DPSQ_S, 493 | MIPS_INS_DPSUB_S, 494 | MIPS_INS_DPSUB_U, 495 | MIPS_INS_DPSU, 496 | MIPS_INS_DPSX, 497 | MIPS_INS_DPS, 498 | MIPS_INS_DROTR, 499 | MIPS_INS_DROTR32, 500 | MIPS_INS_DROTRV, 501 | MIPS_INS_DSBH, 502 | MIPS_INS_DSHD, 503 | MIPS_INS_DSLL, 504 | MIPS_INS_DSLL32, 505 | MIPS_INS_DSLLV, 506 | MIPS_INS_DSRA, 507 | MIPS_INS_DSRA32, 508 | MIPS_INS_DSRAV, 509 | MIPS_INS_DSRL, 510 | MIPS_INS_DSRL32, 511 | MIPS_INS_DSRLV, 512 | MIPS_INS_DSUB, 513 | MIPS_INS_DSUBU, 514 | MIPS_INS_EHB, 515 | MIPS_INS_EI, 516 | MIPS_INS_ERET, 517 | MIPS_INS_EXT, 518 | MIPS_INS_EXTP, 519 | MIPS_INS_EXTPDP, 520 | MIPS_INS_EXTPDPV, 521 | MIPS_INS_EXTPV, 522 | MIPS_INS_EXTRV_RS, 523 | MIPS_INS_EXTRV_R, 524 | MIPS_INS_EXTRV_S, 525 | MIPS_INS_EXTRV, 526 | MIPS_INS_EXTR_RS, 527 | MIPS_INS_EXTR_R, 528 | MIPS_INS_EXTR_S, 529 | MIPS_INS_EXTR, 530 | MIPS_INS_EXTS, 531 | MIPS_INS_EXTS32, 532 | MIPS_INS_ABS, 533 | MIPS_INS_FADD, 534 | MIPS_INS_FCAF, 535 | MIPS_INS_FCEQ, 536 | MIPS_INS_FCLASS, 537 | MIPS_INS_FCLE, 538 | MIPS_INS_FCLT, 539 | MIPS_INS_FCNE, 540 | MIPS_INS_FCOR, 541 | MIPS_INS_FCUEQ, 542 | MIPS_INS_FCULE, 543 | MIPS_INS_FCULT, 544 | MIPS_INS_FCUNE, 545 | MIPS_INS_FCUN, 546 | MIPS_INS_FDIV, 547 | MIPS_INS_FEXDO, 548 | MIPS_INS_FEXP2, 549 | MIPS_INS_FEXUPL, 550 | MIPS_INS_FEXUPR, 551 | MIPS_INS_FFINT_S, 552 | MIPS_INS_FFINT_U, 553 | MIPS_INS_FFQL, 554 | MIPS_INS_FFQR, 555 | MIPS_INS_FILL, 556 | MIPS_INS_FLOG2, 557 | MIPS_INS_FLOOR, 558 | MIPS_INS_FMADD, 559 | MIPS_INS_FMAX_A, 560 | MIPS_INS_FMAX, 561 | MIPS_INS_FMIN_A, 562 | MIPS_INS_FMIN, 563 | MIPS_INS_MOV, 564 | MIPS_INS_FMSUB, 565 | MIPS_INS_FMUL, 566 | MIPS_INS_MUL, 567 | MIPS_INS_NEG, 568 | MIPS_INS_FRCP, 569 | MIPS_INS_FRINT, 570 | MIPS_INS_FRSQRT, 571 | MIPS_INS_FSAF, 572 | MIPS_INS_FSEQ, 573 | MIPS_INS_FSLE, 574 | MIPS_INS_FSLT, 575 | MIPS_INS_FSNE, 576 | MIPS_INS_FSOR, 577 | MIPS_INS_FSQRT, 578 | MIPS_INS_SQRT, 579 | MIPS_INS_FSUB, 580 | MIPS_INS_SUB, 581 | MIPS_INS_FSUEQ, 582 | MIPS_INS_FSULE, 583 | MIPS_INS_FSULT, 584 | MIPS_INS_FSUNE, 585 | MIPS_INS_FSUN, 586 | MIPS_INS_FTINT_S, 587 | MIPS_INS_FTINT_U, 588 | MIPS_INS_FTQ, 589 | MIPS_INS_FTRUNC_S, 590 | MIPS_INS_FTRUNC_U, 591 | MIPS_INS_HADD_S, 592 | MIPS_INS_HADD_U, 593 | MIPS_INS_HSUB_S, 594 | MIPS_INS_HSUB_U, 595 | MIPS_INS_ILVEV, 596 | MIPS_INS_ILVL, 597 | MIPS_INS_ILVOD, 598 | MIPS_INS_ILVR, 599 | MIPS_INS_INS, 600 | MIPS_INS_INSERT, 601 | MIPS_INS_INSV, 602 | MIPS_INS_INSVE, 603 | MIPS_INS_J, 604 | MIPS_INS_JAL, 605 | MIPS_INS_JALR, 606 | MIPS_INS_JALRS16, 607 | MIPS_INS_JALRS, 608 | MIPS_INS_JALS, 609 | MIPS_INS_JALX, 610 | MIPS_INS_JIALC, 611 | MIPS_INS_JIC, 612 | MIPS_INS_JR, 613 | MIPS_INS_JR16, 614 | MIPS_INS_JRADDIUSP, 615 | MIPS_INS_JRC, 616 | MIPS_INS_JALRC, 617 | MIPS_INS_LB, 618 | MIPS_INS_LBU16, 619 | MIPS_INS_LBUX, 620 | MIPS_INS_LBU, 621 | MIPS_INS_LD, 622 | MIPS_INS_LDC1, 623 | MIPS_INS_LDC2, 624 | MIPS_INS_LDC3, 625 | MIPS_INS_LDI, 626 | MIPS_INS_LDL, 627 | MIPS_INS_LDPC, 628 | MIPS_INS_LDR, 629 | MIPS_INS_LDXC1, 630 | MIPS_INS_LH, 631 | MIPS_INS_LHU16, 632 | MIPS_INS_LHX, 633 | MIPS_INS_LHU, 634 | MIPS_INS_LI16, 635 | MIPS_INS_LL, 636 | MIPS_INS_LLD, 637 | MIPS_INS_LSA, 638 | MIPS_INS_LUXC1, 639 | MIPS_INS_LUI, 640 | MIPS_INS_LW, 641 | MIPS_INS_LW16, 642 | MIPS_INS_LWC1, 643 | MIPS_INS_LWC2, 644 | MIPS_INS_LWC3, 645 | MIPS_INS_LWL, 646 | MIPS_INS_LWM16, 647 | MIPS_INS_LWM32, 648 | MIPS_INS_LWPC, 649 | MIPS_INS_LWP, 650 | MIPS_INS_LWR, 651 | MIPS_INS_LWUPC, 652 | MIPS_INS_LWU, 653 | MIPS_INS_LWX, 654 | MIPS_INS_LWXC1, 655 | MIPS_INS_LWXS, 656 | MIPS_INS_LI, 657 | MIPS_INS_MADD, 658 | MIPS_INS_MADDF, 659 | MIPS_INS_MADDR_Q, 660 | MIPS_INS_MADDU, 661 | MIPS_INS_MADDV, 662 | MIPS_INS_MADD_Q, 663 | MIPS_INS_MAQ_SA, 664 | MIPS_INS_MAQ_S, 665 | MIPS_INS_MAXA, 666 | MIPS_INS_MAXI_S, 667 | MIPS_INS_MAXI_U, 668 | MIPS_INS_MAX_A, 669 | MIPS_INS_MAX, 670 | MIPS_INS_MAX_S, 671 | MIPS_INS_MAX_U, 672 | MIPS_INS_MFC0, 673 | MIPS_INS_MFC1, 674 | MIPS_INS_MFC2, 675 | MIPS_INS_MFHC1, 676 | MIPS_INS_MFHI, 677 | MIPS_INS_MFLO, 678 | MIPS_INS_MINA, 679 | MIPS_INS_MINI_S, 680 | MIPS_INS_MINI_U, 681 | MIPS_INS_MIN_A, 682 | MIPS_INS_MIN, 683 | MIPS_INS_MIN_S, 684 | MIPS_INS_MIN_U, 685 | MIPS_INS_MOD, 686 | MIPS_INS_MODSUB, 687 | MIPS_INS_MODU, 688 | MIPS_INS_MOD_S, 689 | MIPS_INS_MOD_U, 690 | MIPS_INS_MOVE, 691 | MIPS_INS_MOVEP, 692 | MIPS_INS_MOVF, 693 | MIPS_INS_MOVN, 694 | MIPS_INS_MOVT, 695 | MIPS_INS_MOVZ, 696 | MIPS_INS_MSUB, 697 | MIPS_INS_MSUBF, 698 | MIPS_INS_MSUBR_Q, 699 | MIPS_INS_MSUBU, 700 | MIPS_INS_MSUBV, 701 | MIPS_INS_MSUB_Q, 702 | MIPS_INS_MTC0, 703 | MIPS_INS_MTC1, 704 | MIPS_INS_MTC2, 705 | MIPS_INS_MTHC1, 706 | MIPS_INS_MTHI, 707 | MIPS_INS_MTHLIP, 708 | MIPS_INS_MTLO, 709 | MIPS_INS_MTM0, 710 | MIPS_INS_MTM1, 711 | MIPS_INS_MTM2, 712 | MIPS_INS_MTP0, 713 | MIPS_INS_MTP1, 714 | MIPS_INS_MTP2, 715 | MIPS_INS_MUH, 716 | MIPS_INS_MUHU, 717 | MIPS_INS_MULEQ_S, 718 | MIPS_INS_MULEU_S, 719 | MIPS_INS_MULQ_RS, 720 | MIPS_INS_MULQ_S, 721 | MIPS_INS_MULR_Q, 722 | MIPS_INS_MULSAQ_S, 723 | MIPS_INS_MULSA, 724 | MIPS_INS_MULT, 725 | MIPS_INS_MULTU, 726 | MIPS_INS_MULU, 727 | MIPS_INS_MULV, 728 | MIPS_INS_MUL_Q, 729 | MIPS_INS_MUL_S, 730 | MIPS_INS_NLOC, 731 | MIPS_INS_NLZC, 732 | MIPS_INS_NMADD, 733 | MIPS_INS_NMSUB, 734 | MIPS_INS_NOR, 735 | MIPS_INS_NORI, 736 | MIPS_INS_NOT16, 737 | MIPS_INS_NOT, 738 | MIPS_INS_OR, 739 | MIPS_INS_OR16, 740 | MIPS_INS_ORI, 741 | MIPS_INS_PACKRL, 742 | MIPS_INS_PAUSE, 743 | MIPS_INS_PCKEV, 744 | MIPS_INS_PCKOD, 745 | MIPS_INS_PCNT, 746 | MIPS_INS_PICK, 747 | MIPS_INS_POP, 748 | MIPS_INS_PRECEQU, 749 | MIPS_INS_PRECEQ, 750 | MIPS_INS_PRECEU, 751 | MIPS_INS_PRECRQU_S, 752 | MIPS_INS_PRECRQ, 753 | MIPS_INS_PRECRQ_RS, 754 | MIPS_INS_PRECR, 755 | MIPS_INS_PRECR_SRA, 756 | MIPS_INS_PRECR_SRA_R, 757 | MIPS_INS_PREF, 758 | MIPS_INS_PREPEND, 759 | MIPS_INS_RADDU, 760 | MIPS_INS_RDDSP, 761 | MIPS_INS_RDHWR, 762 | MIPS_INS_REPLV, 763 | MIPS_INS_REPL, 764 | MIPS_INS_RINT, 765 | MIPS_INS_ROTR, 766 | MIPS_INS_ROTRV, 767 | MIPS_INS_ROUND, 768 | MIPS_INS_SAT_S, 769 | MIPS_INS_SAT_U, 770 | MIPS_INS_SB, 771 | MIPS_INS_SB16, 772 | MIPS_INS_SC, 773 | MIPS_INS_SCD, 774 | MIPS_INS_SD, 775 | MIPS_INS_SDBBP, 776 | MIPS_INS_SDBBP16, 777 | MIPS_INS_SDC1, 778 | MIPS_INS_SDC2, 779 | MIPS_INS_SDC3, 780 | MIPS_INS_SDL, 781 | MIPS_INS_SDR, 782 | MIPS_INS_SDXC1, 783 | MIPS_INS_SEB, 784 | MIPS_INS_SEH, 785 | MIPS_INS_SELEQZ, 786 | MIPS_INS_SELNEZ, 787 | MIPS_INS_SEL, 788 | MIPS_INS_SEQ, 789 | MIPS_INS_SEQI, 790 | MIPS_INS_SH, 791 | MIPS_INS_SH16, 792 | MIPS_INS_SHF, 793 | MIPS_INS_SHILO, 794 | MIPS_INS_SHILOV, 795 | MIPS_INS_SHLLV, 796 | MIPS_INS_SHLLV_S, 797 | MIPS_INS_SHLL, 798 | MIPS_INS_SHLL_S, 799 | MIPS_INS_SHRAV, 800 | MIPS_INS_SHRAV_R, 801 | MIPS_INS_SHRA, 802 | MIPS_INS_SHRA_R, 803 | MIPS_INS_SHRLV, 804 | MIPS_INS_SHRL, 805 | MIPS_INS_SLDI, 806 | MIPS_INS_SLD, 807 | MIPS_INS_SLL, 808 | MIPS_INS_SLL16, 809 | MIPS_INS_SLLI, 810 | MIPS_INS_SLLV, 811 | MIPS_INS_SLT, 812 | MIPS_INS_SLTI, 813 | MIPS_INS_SLTIU, 814 | MIPS_INS_SLTU, 815 | MIPS_INS_SNE, 816 | MIPS_INS_SNEI, 817 | MIPS_INS_SPLATI, 818 | MIPS_INS_SPLAT, 819 | MIPS_INS_SRA, 820 | MIPS_INS_SRAI, 821 | MIPS_INS_SRARI, 822 | MIPS_INS_SRAR, 823 | MIPS_INS_SRAV, 824 | MIPS_INS_SRL, 825 | MIPS_INS_SRL16, 826 | MIPS_INS_SRLI, 827 | MIPS_INS_SRLRI, 828 | MIPS_INS_SRLR, 829 | MIPS_INS_SRLV, 830 | MIPS_INS_SSNOP, 831 | MIPS_INS_ST, 832 | MIPS_INS_SUBQH, 833 | MIPS_INS_SUBQH_R, 834 | MIPS_INS_SUBQ, 835 | MIPS_INS_SUBQ_S, 836 | MIPS_INS_SUBSUS_U, 837 | MIPS_INS_SUBSUU_S, 838 | MIPS_INS_SUBS_S, 839 | MIPS_INS_SUBS_U, 840 | MIPS_INS_SUBU16, 841 | MIPS_INS_SUBUH, 842 | MIPS_INS_SUBUH_R, 843 | MIPS_INS_SUBU, 844 | MIPS_INS_SUBU_S, 845 | MIPS_INS_SUBVI, 846 | MIPS_INS_SUBV, 847 | MIPS_INS_SUXC1, 848 | MIPS_INS_SW, 849 | MIPS_INS_SW16, 850 | MIPS_INS_SWC1, 851 | MIPS_INS_SWC2, 852 | MIPS_INS_SWC3, 853 | MIPS_INS_SWL, 854 | MIPS_INS_SWM16, 855 | MIPS_INS_SWM32, 856 | MIPS_INS_SWP, 857 | MIPS_INS_SWR, 858 | MIPS_INS_SWXC1, 859 | MIPS_INS_SYNC, 860 | MIPS_INS_SYNCI, 861 | MIPS_INS_SYSCALL, 862 | MIPS_INS_TEQ, 863 | MIPS_INS_TEQI, 864 | MIPS_INS_TGE, 865 | MIPS_INS_TGEI, 866 | MIPS_INS_TGEIU, 867 | MIPS_INS_TGEU, 868 | MIPS_INS_TLBP, 869 | MIPS_INS_TLBR, 870 | MIPS_INS_TLBWI, 871 | MIPS_INS_TLBWR, 872 | MIPS_INS_TLT, 873 | MIPS_INS_TLTI, 874 | MIPS_INS_TLTIU, 875 | MIPS_INS_TLTU, 876 | MIPS_INS_TNE, 877 | MIPS_INS_TNEI, 878 | MIPS_INS_TRUNC, 879 | MIPS_INS_V3MULU, 880 | MIPS_INS_VMM0, 881 | MIPS_INS_VMULU, 882 | MIPS_INS_VSHF, 883 | MIPS_INS_WAIT, 884 | MIPS_INS_WRDSP, 885 | MIPS_INS_WSBH, 886 | MIPS_INS_XOR, 887 | MIPS_INS_XOR16, 888 | MIPS_INS_XORI, 889 | 890 | //> some alias instructions 891 | MIPS_INS_NOP, 892 | MIPS_INS_NEGU, 893 | 894 | //> special instructions 895 | MIPS_INS_JALR_HB, // jump and link with Hazard Barrier 896 | MIPS_INS_JR_HB, // jump register with Hazard Barrier 897 | 898 | MIPS_INS_ENDING, 899 | } mips_insn; 900 | 901 | //> Group of MIPS instructions 902 | typedef enum mips_insn_group 903 | { 904 | MIPS_GRP_INVALID = 0, // = CS_GRP_INVALID 905 | 906 | //> Generic groups 907 | // all jump instructions (conditional+direct+indirect jumps) 908 | MIPS_GRP_JUMP, // = CS_GRP_JUMP 909 | // all call instructions 910 | MIPS_GRP_CALL, // = CS_GRP_CALL 911 | // all return instructions 912 | MIPS_GRP_RET, // = CS_GRP_RET 913 | // all interrupt instructions (int+syscall) 914 | MIPS_GRP_INT, // = CS_GRP_INT 915 | // all interrupt return instructions 916 | MIPS_GRP_IRET, // = CS_GRP_IRET 917 | // all privileged instructions 918 | MIPS_GRP_PRIVILEGE, // = CS_GRP_PRIVILEGE 919 | 920 | //> Architecture-specific groups 921 | MIPS_GRP_BITCOUNT = 128, 922 | MIPS_GRP_DSP, 923 | MIPS_GRP_DSPR2, 924 | MIPS_GRP_FPIDX, 925 | MIPS_GRP_MSA, 926 | MIPS_GRP_MIPS32R2, 927 | MIPS_GRP_MIPS64, 928 | MIPS_GRP_MIPS64R2, 929 | MIPS_GRP_SEINREG, 930 | MIPS_GRP_STDENC, 931 | MIPS_GRP_SWAP, 932 | MIPS_GRP_MICROMIPS, 933 | MIPS_GRP_MIPS16MODE, 934 | MIPS_GRP_FP64BIT, 935 | MIPS_GRP_NONANSFPMATH, 936 | MIPS_GRP_NOTFP64BIT, 937 | MIPS_GRP_NOTINMICROMIPS, 938 | MIPS_GRP_NOTNACL, 939 | MIPS_GRP_NOTMIPS32R6, 940 | MIPS_GRP_NOTMIPS64R6, 941 | MIPS_GRP_CNMIPS, 942 | MIPS_GRP_MIPS32, 943 | MIPS_GRP_MIPS32R6, 944 | MIPS_GRP_MIPS64R6, 945 | MIPS_GRP_MIPS2, 946 | MIPS_GRP_MIPS3, 947 | MIPS_GRP_MIPS3_32, 948 | MIPS_GRP_MIPS3_32R2, 949 | MIPS_GRP_MIPS4_32, 950 | MIPS_GRP_MIPS4_32R2, 951 | MIPS_GRP_MIPS5_32R2, 952 | MIPS_GRP_GP32BIT, 953 | MIPS_GRP_GP64BIT, 954 | 955 | MIPS_GRP_ENDING, 956 | } mips_insn_group; 957 | 958 | #ifdef __cplusplus 959 | } 960 | #endif 961 | 962 | #endif 963 | -------------------------------------------------------------------------------- /capstone/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | #ifndef CAPSTONE_PLATFORM_H 5 | #define CAPSTONE_PLATFORM_H 6 | 7 | 8 | // handle C99 issue (for pre-2013 VisualStudio) 9 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 10 | // MSVC 11 | 12 | // stdbool.h 13 | #if (_MSC_VER < 1800) || defined(_KERNEL_MODE) 14 | // this system does not have stdbool.h 15 | #ifndef __cplusplus 16 | typedef unsigned char bool; 17 | #define false 0 18 | #define true 1 19 | #endif // __cplusplus 20 | 21 | #else 22 | // VisualStudio 2013+ -> C99 is supported 23 | #include 24 | #endif // (_MSC_VER < 1800) || defined(_KERNEL_MODE) 25 | 26 | #else 27 | // not MSVC -> C99 is supported 28 | #include 29 | #endif // !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 30 | 31 | 32 | // handle inttypes.h / stdint.h compatibility 33 | #if defined(_WIN32_WCE) && (_WIN32_WCE < 0x800) 34 | #include "windowsce/stdint.h" 35 | #endif // defined(_WIN32_WCE) && (_WIN32_WCE < 0x800) 36 | 37 | #if defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))) 38 | // this system does not have inttypes.h 39 | 40 | #if defined(_MSC_VER) && (_MSC_VER < 1600 || defined(_KERNEL_MODE)) 41 | // this system does not have stdint.h 42 | typedef signed char int8_t; 43 | typedef signed short int16_t; 44 | typedef signed int int32_t; 45 | typedef unsigned char uint8_t; 46 | typedef unsigned short uint16_t; 47 | typedef unsigned int uint32_t; 48 | typedef signed long long int64_t; 49 | typedef unsigned long long uint64_t; 50 | 51 | #define INT8_MIN (-127i8 - 1) 52 | #define INT16_MIN (-32767i16 - 1) 53 | #define INT32_MIN (-2147483647i32 - 1) 54 | #define INT64_MIN (-9223372036854775807i64 - 1) 55 | #define INT8_MAX 127i8 56 | #define INT16_MAX 32767i16 57 | #define INT32_MAX 2147483647i32 58 | #define INT64_MAX 9223372036854775807i64 59 | #define UINT8_MAX 0xffui8 60 | #define UINT16_MAX 0xffffui16 61 | #define UINT32_MAX 0xffffffffui32 62 | #define UINT64_MAX 0xffffffffffffffffui64 63 | #endif // defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)) 64 | 65 | #define __PRI_8_LENGTH_MODIFIER__ "hh" 66 | #define __PRI_64_LENGTH_MODIFIER__ "ll" 67 | 68 | #define PRId8 __PRI_8_LENGTH_MODIFIER__ "d" 69 | #define PRIi8 __PRI_8_LENGTH_MODIFIER__ "i" 70 | #define PRIo8 __PRI_8_LENGTH_MODIFIER__ "o" 71 | #define PRIu8 __PRI_8_LENGTH_MODIFIER__ "u" 72 | #define PRIx8 __PRI_8_LENGTH_MODIFIER__ "x" 73 | #define PRIX8 __PRI_8_LENGTH_MODIFIER__ "X" 74 | 75 | #define PRId16 "hd" 76 | #define PRIi16 "hi" 77 | #define PRIo16 "ho" 78 | #define PRIu16 "hu" 79 | #define PRIx16 "hx" 80 | #define PRIX16 "hX" 81 | 82 | #if defined(_MSC_VER) && _MSC_VER <= 1700 83 | #define PRId32 "ld" 84 | #define PRIi32 "li" 85 | #define PRIo32 "lo" 86 | #define PRIu32 "lu" 87 | #define PRIx32 "lx" 88 | #define PRIX32 "lX" 89 | #else // OSX 90 | #define PRId32 "d" 91 | #define PRIi32 "i" 92 | #define PRIo32 "o" 93 | #define PRIu32 "u" 94 | #define PRIx32 "x" 95 | #define PRIX32 "X" 96 | #endif // defined(_MSC_VER) && _MSC_VER <= 1700 97 | 98 | #if defined(_MSC_VER) && _MSC_VER <= 1700 99 | // redefine functions from inttypes.h used in cstool 100 | #define strtoull _strtoui64 101 | #endif 102 | 103 | #define PRId64 __PRI_64_LENGTH_MODIFIER__ "d" 104 | #define PRIi64 __PRI_64_LENGTH_MODIFIER__ "i" 105 | #define PRIo64 __PRI_64_LENGTH_MODIFIER__ "o" 106 | #define PRIu64 __PRI_64_LENGTH_MODIFIER__ "u" 107 | #define PRIx64 __PRI_64_LENGTH_MODIFIER__ "x" 108 | #define PRIX64 __PRI_64_LENGTH_MODIFIER__ "X" 109 | 110 | #else 111 | // this system has inttypes.h by default 112 | #include 113 | #endif // defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))) 114 | 115 | #endif 116 | -------------------------------------------------------------------------------- /capstone/sparc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SPARC_H 2 | #define CAPSTONE_SPARC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | // GCC SPARC toolchain has a default macro called "sparc" which breaks 14 | // compilation 15 | #undef sparc 16 | 17 | #ifdef _MSC_VER 18 | #pragma warning(disable:4201) 19 | #endif 20 | 21 | //> Enums corresponding to Sparc condition codes, both icc's and fcc's. 22 | typedef enum sparc_cc 23 | { 24 | SPARC_CC_INVALID = 0, // invalid CC (default) 25 | //> Integer condition codes 26 | SPARC_CC_ICC_A = 8 + 256, // Always 27 | SPARC_CC_ICC_N = 0 + 256, // Never 28 | SPARC_CC_ICC_NE = 9 + 256, // Not Equal 29 | SPARC_CC_ICC_E = 1 + 256, // Equal 30 | SPARC_CC_ICC_G = 10 + 256, // Greater 31 | SPARC_CC_ICC_LE = 2 + 256, // Less or Equal 32 | SPARC_CC_ICC_GE = 11 + 256, // Greater or Equal 33 | SPARC_CC_ICC_L = 3 + 256, // Less 34 | SPARC_CC_ICC_GU = 12 + 256, // Greater Unsigned 35 | SPARC_CC_ICC_LEU = 4 + 256, // Less or Equal Unsigned 36 | SPARC_CC_ICC_CC = 13 + 256, // Carry Clear/Great or Equal Unsigned 37 | SPARC_CC_ICC_CS = 5 + 256, // Carry Set/Less Unsigned 38 | SPARC_CC_ICC_POS = 14 + 256, // Positive 39 | SPARC_CC_ICC_NEG = 6 + 256, // Negative 40 | SPARC_CC_ICC_VC = 15 + 256, // Overflow Clear 41 | SPARC_CC_ICC_VS = 7 + 256, // Overflow Set 42 | 43 | //> Floating condition codes 44 | SPARC_CC_FCC_A = 8 + 16 + 256, // Always 45 | SPARC_CC_FCC_N = 0 + 16 + 256, // Never 46 | SPARC_CC_FCC_U = 7 + 16 + 256, // Unordered 47 | SPARC_CC_FCC_G = 6 + 16 + 256, // Greater 48 | SPARC_CC_FCC_UG = 5 + 16 + 256, // Unordered or Greater 49 | SPARC_CC_FCC_L = 4 + 16 + 256, // Less 50 | SPARC_CC_FCC_UL = 3 + 16 + 256, // Unordered or Less 51 | SPARC_CC_FCC_LG = 2 + 16 + 256, // Less or Greater 52 | SPARC_CC_FCC_NE = 1 + 16 + 256, // Not Equal 53 | SPARC_CC_FCC_E = 9 + 16 + 256, // Equal 54 | SPARC_CC_FCC_UE = 10 + 16 + 256, // Unordered or Equal 55 | SPARC_CC_FCC_GE = 11 + 16 + 256, // Greater or Equal 56 | SPARC_CC_FCC_UGE = 12 + 16 + 256, // Unordered or Greater or Equal 57 | SPARC_CC_FCC_LE = 13 + 16 + 256, // Less or Equal 58 | SPARC_CC_FCC_ULE = 14 + 16 + 256, // Unordered or Less or Equal 59 | SPARC_CC_FCC_O = 15 + 16 + 256, // Ordered 60 | } sparc_cc; 61 | 62 | //> Branch hint 63 | typedef enum sparc_hint 64 | { 65 | SPARC_HINT_INVALID = 0, // no hint 66 | SPARC_HINT_A = 1 << 0, // annul delay slot instruction 67 | SPARC_HINT_PT = 1 << 1, // branch taken 68 | SPARC_HINT_PN = 1 << 2, // branch NOT taken 69 | } sparc_hint; 70 | 71 | //> Operand type for instruction's operands 72 | typedef enum sparc_op_type 73 | { 74 | SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 75 | SPARC_OP_REG, // = CS_OP_REG (Register operand). 76 | SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand). 77 | SPARC_OP_MEM, // = CS_OP_MEM (Memory operand). 78 | } sparc_op_type; 79 | 80 | //> SPARC registers 81 | typedef enum sparc_reg 82 | { 83 | SPARC_REG_INVALID = 0, 84 | 85 | SPARC_REG_F0, 86 | SPARC_REG_F1, 87 | SPARC_REG_F2, 88 | SPARC_REG_F3, 89 | SPARC_REG_F4, 90 | SPARC_REG_F5, 91 | SPARC_REG_F6, 92 | SPARC_REG_F7, 93 | SPARC_REG_F8, 94 | SPARC_REG_F9, 95 | SPARC_REG_F10, 96 | SPARC_REG_F11, 97 | SPARC_REG_F12, 98 | SPARC_REG_F13, 99 | SPARC_REG_F14, 100 | SPARC_REG_F15, 101 | SPARC_REG_F16, 102 | SPARC_REG_F17, 103 | SPARC_REG_F18, 104 | SPARC_REG_F19, 105 | SPARC_REG_F20, 106 | SPARC_REG_F21, 107 | SPARC_REG_F22, 108 | SPARC_REG_F23, 109 | SPARC_REG_F24, 110 | SPARC_REG_F25, 111 | SPARC_REG_F26, 112 | SPARC_REG_F27, 113 | SPARC_REG_F28, 114 | SPARC_REG_F29, 115 | SPARC_REG_F30, 116 | SPARC_REG_F31, 117 | SPARC_REG_F32, 118 | SPARC_REG_F34, 119 | SPARC_REG_F36, 120 | SPARC_REG_F38, 121 | SPARC_REG_F40, 122 | SPARC_REG_F42, 123 | SPARC_REG_F44, 124 | SPARC_REG_F46, 125 | SPARC_REG_F48, 126 | SPARC_REG_F50, 127 | SPARC_REG_F52, 128 | SPARC_REG_F54, 129 | SPARC_REG_F56, 130 | SPARC_REG_F58, 131 | SPARC_REG_F60, 132 | SPARC_REG_F62, 133 | SPARC_REG_FCC0, // Floating condition codes 134 | SPARC_REG_FCC1, 135 | SPARC_REG_FCC2, 136 | SPARC_REG_FCC3, 137 | SPARC_REG_FP, 138 | SPARC_REG_G0, 139 | SPARC_REG_G1, 140 | SPARC_REG_G2, 141 | SPARC_REG_G3, 142 | SPARC_REG_G4, 143 | SPARC_REG_G5, 144 | SPARC_REG_G6, 145 | SPARC_REG_G7, 146 | SPARC_REG_I0, 147 | SPARC_REG_I1, 148 | SPARC_REG_I2, 149 | SPARC_REG_I3, 150 | SPARC_REG_I4, 151 | SPARC_REG_I5, 152 | SPARC_REG_I7, 153 | SPARC_REG_ICC, // Integer condition codes 154 | SPARC_REG_L0, 155 | SPARC_REG_L1, 156 | SPARC_REG_L2, 157 | SPARC_REG_L3, 158 | SPARC_REG_L4, 159 | SPARC_REG_L5, 160 | SPARC_REG_L6, 161 | SPARC_REG_L7, 162 | SPARC_REG_O0, 163 | SPARC_REG_O1, 164 | SPARC_REG_O2, 165 | SPARC_REG_O3, 166 | SPARC_REG_O4, 167 | SPARC_REG_O5, 168 | SPARC_REG_O7, 169 | SPARC_REG_SP, 170 | SPARC_REG_Y, 171 | 172 | // special register 173 | SPARC_REG_XCC, 174 | 175 | SPARC_REG_ENDING, // <-- mark the end of the list of registers 176 | 177 | // extras 178 | SPARC_REG_O6 = SPARC_REG_SP, 179 | SPARC_REG_I6 = SPARC_REG_FP, 180 | } sparc_reg; 181 | 182 | // Instruction's operand referring to memory 183 | // This is associated with SPARC_OP_MEM operand type above 184 | typedef struct sparc_op_mem 185 | { 186 | uint8_t base; // base register, can be safely interpreted as 187 | // a value of type `sparc_reg`, but it is only 188 | // one byte wide 189 | uint8_t index; // index register, same conditions apply here 190 | int32_t disp; // displacement/offset value 191 | } sparc_op_mem; 192 | 193 | // Instruction operand 194 | typedef struct cs_sparc_op 195 | { 196 | sparc_op_type type; // operand type 197 | union 198 | { 199 | sparc_reg reg; // register value for REG operand 200 | int32_t imm; // immediate value for IMM operand 201 | sparc_op_mem mem; // base/disp value for MEM operand 202 | }; 203 | } cs_sparc_op; 204 | 205 | // Instruction structure 206 | typedef struct cs_sparc 207 | { 208 | sparc_cc cc; // code condition for this insn 209 | sparc_hint hint; // branch hint: encoding as bitwise OR of sparc_hint. 210 | // Number of operands of this instruction, 211 | // or 0 when instruction has no operand. 212 | uint8_t op_count; 213 | cs_sparc_op operands[4]; // operands for this instruction. 214 | } cs_sparc; 215 | 216 | //> SPARC instruction 217 | typedef enum sparc_insn 218 | { 219 | SPARC_INS_INVALID = 0, 220 | 221 | SPARC_INS_ADDCC, 222 | SPARC_INS_ADDX, 223 | SPARC_INS_ADDXCC, 224 | SPARC_INS_ADDXC, 225 | SPARC_INS_ADDXCCC, 226 | SPARC_INS_ADD, 227 | SPARC_INS_ALIGNADDR, 228 | SPARC_INS_ALIGNADDRL, 229 | SPARC_INS_ANDCC, 230 | SPARC_INS_ANDNCC, 231 | SPARC_INS_ANDN, 232 | SPARC_INS_AND, 233 | SPARC_INS_ARRAY16, 234 | SPARC_INS_ARRAY32, 235 | SPARC_INS_ARRAY8, 236 | SPARC_INS_B, 237 | SPARC_INS_JMP, 238 | SPARC_INS_BMASK, 239 | SPARC_INS_FB, 240 | SPARC_INS_BRGEZ, 241 | SPARC_INS_BRGZ, 242 | SPARC_INS_BRLEZ, 243 | SPARC_INS_BRLZ, 244 | SPARC_INS_BRNZ, 245 | SPARC_INS_BRZ, 246 | SPARC_INS_BSHUFFLE, 247 | SPARC_INS_CALL, 248 | SPARC_INS_CASX, 249 | SPARC_INS_CAS, 250 | SPARC_INS_CMASK16, 251 | SPARC_INS_CMASK32, 252 | SPARC_INS_CMASK8, 253 | SPARC_INS_CMP, 254 | SPARC_INS_EDGE16, 255 | SPARC_INS_EDGE16L, 256 | SPARC_INS_EDGE16LN, 257 | SPARC_INS_EDGE16N, 258 | SPARC_INS_EDGE32, 259 | SPARC_INS_EDGE32L, 260 | SPARC_INS_EDGE32LN, 261 | SPARC_INS_EDGE32N, 262 | SPARC_INS_EDGE8, 263 | SPARC_INS_EDGE8L, 264 | SPARC_INS_EDGE8LN, 265 | SPARC_INS_EDGE8N, 266 | SPARC_INS_FABSD, 267 | SPARC_INS_FABSQ, 268 | SPARC_INS_FABSS, 269 | SPARC_INS_FADDD, 270 | SPARC_INS_FADDQ, 271 | SPARC_INS_FADDS, 272 | SPARC_INS_FALIGNDATA, 273 | SPARC_INS_FAND, 274 | SPARC_INS_FANDNOT1, 275 | SPARC_INS_FANDNOT1S, 276 | SPARC_INS_FANDNOT2, 277 | SPARC_INS_FANDNOT2S, 278 | SPARC_INS_FANDS, 279 | SPARC_INS_FCHKSM16, 280 | SPARC_INS_FCMPD, 281 | SPARC_INS_FCMPEQ16, 282 | SPARC_INS_FCMPEQ32, 283 | SPARC_INS_FCMPGT16, 284 | SPARC_INS_FCMPGT32, 285 | SPARC_INS_FCMPLE16, 286 | SPARC_INS_FCMPLE32, 287 | SPARC_INS_FCMPNE16, 288 | SPARC_INS_FCMPNE32, 289 | SPARC_INS_FCMPQ, 290 | SPARC_INS_FCMPS, 291 | SPARC_INS_FDIVD, 292 | SPARC_INS_FDIVQ, 293 | SPARC_INS_FDIVS, 294 | SPARC_INS_FDMULQ, 295 | SPARC_INS_FDTOI, 296 | SPARC_INS_FDTOQ, 297 | SPARC_INS_FDTOS, 298 | SPARC_INS_FDTOX, 299 | SPARC_INS_FEXPAND, 300 | SPARC_INS_FHADDD, 301 | SPARC_INS_FHADDS, 302 | SPARC_INS_FHSUBD, 303 | SPARC_INS_FHSUBS, 304 | SPARC_INS_FITOD, 305 | SPARC_INS_FITOQ, 306 | SPARC_INS_FITOS, 307 | SPARC_INS_FLCMPD, 308 | SPARC_INS_FLCMPS, 309 | SPARC_INS_FLUSHW, 310 | SPARC_INS_FMEAN16, 311 | SPARC_INS_FMOVD, 312 | SPARC_INS_FMOVQ, 313 | SPARC_INS_FMOVRDGEZ, 314 | SPARC_INS_FMOVRQGEZ, 315 | SPARC_INS_FMOVRSGEZ, 316 | SPARC_INS_FMOVRDGZ, 317 | SPARC_INS_FMOVRQGZ, 318 | SPARC_INS_FMOVRSGZ, 319 | SPARC_INS_FMOVRDLEZ, 320 | SPARC_INS_FMOVRQLEZ, 321 | SPARC_INS_FMOVRSLEZ, 322 | SPARC_INS_FMOVRDLZ, 323 | SPARC_INS_FMOVRQLZ, 324 | SPARC_INS_FMOVRSLZ, 325 | SPARC_INS_FMOVRDNZ, 326 | SPARC_INS_FMOVRQNZ, 327 | SPARC_INS_FMOVRSNZ, 328 | SPARC_INS_FMOVRDZ, 329 | SPARC_INS_FMOVRQZ, 330 | SPARC_INS_FMOVRSZ, 331 | SPARC_INS_FMOVS, 332 | SPARC_INS_FMUL8SUX16, 333 | SPARC_INS_FMUL8ULX16, 334 | SPARC_INS_FMUL8X16, 335 | SPARC_INS_FMUL8X16AL, 336 | SPARC_INS_FMUL8X16AU, 337 | SPARC_INS_FMULD, 338 | SPARC_INS_FMULD8SUX16, 339 | SPARC_INS_FMULD8ULX16, 340 | SPARC_INS_FMULQ, 341 | SPARC_INS_FMULS, 342 | SPARC_INS_FNADDD, 343 | SPARC_INS_FNADDS, 344 | SPARC_INS_FNAND, 345 | SPARC_INS_FNANDS, 346 | SPARC_INS_FNEGD, 347 | SPARC_INS_FNEGQ, 348 | SPARC_INS_FNEGS, 349 | SPARC_INS_FNHADDD, 350 | SPARC_INS_FNHADDS, 351 | SPARC_INS_FNOR, 352 | SPARC_INS_FNORS, 353 | SPARC_INS_FNOT1, 354 | SPARC_INS_FNOT1S, 355 | SPARC_INS_FNOT2, 356 | SPARC_INS_FNOT2S, 357 | SPARC_INS_FONE, 358 | SPARC_INS_FONES, 359 | SPARC_INS_FOR, 360 | SPARC_INS_FORNOT1, 361 | SPARC_INS_FORNOT1S, 362 | SPARC_INS_FORNOT2, 363 | SPARC_INS_FORNOT2S, 364 | SPARC_INS_FORS, 365 | SPARC_INS_FPACK16, 366 | SPARC_INS_FPACK32, 367 | SPARC_INS_FPACKFIX, 368 | SPARC_INS_FPADD16, 369 | SPARC_INS_FPADD16S, 370 | SPARC_INS_FPADD32, 371 | SPARC_INS_FPADD32S, 372 | SPARC_INS_FPADD64, 373 | SPARC_INS_FPMERGE, 374 | SPARC_INS_FPSUB16, 375 | SPARC_INS_FPSUB16S, 376 | SPARC_INS_FPSUB32, 377 | SPARC_INS_FPSUB32S, 378 | SPARC_INS_FQTOD, 379 | SPARC_INS_FQTOI, 380 | SPARC_INS_FQTOS, 381 | SPARC_INS_FQTOX, 382 | SPARC_INS_FSLAS16, 383 | SPARC_INS_FSLAS32, 384 | SPARC_INS_FSLL16, 385 | SPARC_INS_FSLL32, 386 | SPARC_INS_FSMULD, 387 | SPARC_INS_FSQRTD, 388 | SPARC_INS_FSQRTQ, 389 | SPARC_INS_FSQRTS, 390 | SPARC_INS_FSRA16, 391 | SPARC_INS_FSRA32, 392 | SPARC_INS_FSRC1, 393 | SPARC_INS_FSRC1S, 394 | SPARC_INS_FSRC2, 395 | SPARC_INS_FSRC2S, 396 | SPARC_INS_FSRL16, 397 | SPARC_INS_FSRL32, 398 | SPARC_INS_FSTOD, 399 | SPARC_INS_FSTOI, 400 | SPARC_INS_FSTOQ, 401 | SPARC_INS_FSTOX, 402 | SPARC_INS_FSUBD, 403 | SPARC_INS_FSUBQ, 404 | SPARC_INS_FSUBS, 405 | SPARC_INS_FXNOR, 406 | SPARC_INS_FXNORS, 407 | SPARC_INS_FXOR, 408 | SPARC_INS_FXORS, 409 | SPARC_INS_FXTOD, 410 | SPARC_INS_FXTOQ, 411 | SPARC_INS_FXTOS, 412 | SPARC_INS_FZERO, 413 | SPARC_INS_FZEROS, 414 | SPARC_INS_JMPL, 415 | SPARC_INS_LDD, 416 | SPARC_INS_LD, 417 | SPARC_INS_LDQ, 418 | SPARC_INS_LDSB, 419 | SPARC_INS_LDSH, 420 | SPARC_INS_LDSW, 421 | SPARC_INS_LDUB, 422 | SPARC_INS_LDUH, 423 | SPARC_INS_LDX, 424 | SPARC_INS_LZCNT, 425 | SPARC_INS_MEMBAR, 426 | SPARC_INS_MOVDTOX, 427 | SPARC_INS_MOV, 428 | SPARC_INS_MOVRGEZ, 429 | SPARC_INS_MOVRGZ, 430 | SPARC_INS_MOVRLEZ, 431 | SPARC_INS_MOVRLZ, 432 | SPARC_INS_MOVRNZ, 433 | SPARC_INS_MOVRZ, 434 | SPARC_INS_MOVSTOSW, 435 | SPARC_INS_MOVSTOUW, 436 | SPARC_INS_MULX, 437 | SPARC_INS_NOP, 438 | SPARC_INS_ORCC, 439 | SPARC_INS_ORNCC, 440 | SPARC_INS_ORN, 441 | SPARC_INS_OR, 442 | SPARC_INS_PDIST, 443 | SPARC_INS_PDISTN, 444 | SPARC_INS_POPC, 445 | SPARC_INS_RD, 446 | SPARC_INS_RESTORE, 447 | SPARC_INS_RETT, 448 | SPARC_INS_SAVE, 449 | SPARC_INS_SDIVCC, 450 | SPARC_INS_SDIVX, 451 | SPARC_INS_SDIV, 452 | SPARC_INS_SETHI, 453 | SPARC_INS_SHUTDOWN, 454 | SPARC_INS_SIAM, 455 | SPARC_INS_SLLX, 456 | SPARC_INS_SLL, 457 | SPARC_INS_SMULCC, 458 | SPARC_INS_SMUL, 459 | SPARC_INS_SRAX, 460 | SPARC_INS_SRA, 461 | SPARC_INS_SRLX, 462 | SPARC_INS_SRL, 463 | SPARC_INS_STBAR, 464 | SPARC_INS_STB, 465 | SPARC_INS_STD, 466 | SPARC_INS_ST, 467 | SPARC_INS_STH, 468 | SPARC_INS_STQ, 469 | SPARC_INS_STX, 470 | SPARC_INS_SUBCC, 471 | SPARC_INS_SUBX, 472 | SPARC_INS_SUBXCC, 473 | SPARC_INS_SUB, 474 | SPARC_INS_SWAP, 475 | SPARC_INS_TADDCCTV, 476 | SPARC_INS_TADDCC, 477 | SPARC_INS_T, 478 | SPARC_INS_TSUBCCTV, 479 | SPARC_INS_TSUBCC, 480 | SPARC_INS_UDIVCC, 481 | SPARC_INS_UDIVX, 482 | SPARC_INS_UDIV, 483 | SPARC_INS_UMULCC, 484 | SPARC_INS_UMULXHI, 485 | SPARC_INS_UMUL, 486 | SPARC_INS_UNIMP, 487 | SPARC_INS_FCMPED, 488 | SPARC_INS_FCMPEQ, 489 | SPARC_INS_FCMPES, 490 | SPARC_INS_WR, 491 | SPARC_INS_XMULX, 492 | SPARC_INS_XMULXHI, 493 | SPARC_INS_XNORCC, 494 | SPARC_INS_XNOR, 495 | SPARC_INS_XORCC, 496 | SPARC_INS_XOR, 497 | 498 | // alias instructions 499 | SPARC_INS_RET, 500 | SPARC_INS_RETL, 501 | 502 | SPARC_INS_ENDING, // <-- mark the end of the list of instructions 503 | } sparc_insn; 504 | 505 | //> Group of SPARC instructions 506 | typedef enum sparc_insn_group 507 | { 508 | SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID 509 | 510 | //> Generic groups 511 | // all jump instructions (conditional+direct+indirect jumps) 512 | SPARC_GRP_JUMP, // = CS_GRP_JUMP 513 | 514 | //> Architecture-specific groups 515 | SPARC_GRP_HARDQUAD = 128, 516 | SPARC_GRP_V9, 517 | SPARC_GRP_VIS, 518 | SPARC_GRP_VIS2, 519 | SPARC_GRP_VIS3, 520 | SPARC_GRP_32BIT, 521 | SPARC_GRP_64BIT, 522 | 523 | SPARC_GRP_ENDING, // <-- mark the end of the list of groups 524 | } sparc_insn_group; 525 | 526 | #ifdef __cplusplus 527 | } 528 | #endif 529 | 530 | #endif 531 | -------------------------------------------------------------------------------- /capstone/systemz.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SYSTEMZ_H 2 | #define CAPSTONE_SYSTEMZ_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | #ifdef _MSC_VER 14 | #pragma warning(disable:4201) 15 | #endif 16 | 17 | //> Enums corresponding to SystemZ condition codes 18 | typedef enum sysz_cc 19 | { 20 | SYSZ_CC_INVALID = 0, // invalid CC (default) 21 | 22 | SYSZ_CC_O, 23 | SYSZ_CC_H, 24 | SYSZ_CC_NLE, 25 | SYSZ_CC_L, 26 | SYSZ_CC_NHE, 27 | SYSZ_CC_LH, 28 | SYSZ_CC_NE, 29 | SYSZ_CC_E, 30 | SYSZ_CC_NLH, 31 | SYSZ_CC_HE, 32 | SYSZ_CC_NL, 33 | SYSZ_CC_LE, 34 | SYSZ_CC_NH, 35 | SYSZ_CC_NO, 36 | } sysz_cc; 37 | 38 | //> Operand type for instruction's operands 39 | typedef enum sysz_op_type 40 | { 41 | SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 42 | SYSZ_OP_REG, // = CS_OP_REG (Register operand). 43 | SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand). 44 | SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand). 45 | SYSZ_OP_ACREG = 64, // Access register operand. 46 | } sysz_op_type; 47 | 48 | //> SystemZ registers 49 | typedef enum sysz_reg 50 | { 51 | SYSZ_REG_INVALID = 0, 52 | 53 | SYSZ_REG_0, 54 | SYSZ_REG_1, 55 | SYSZ_REG_2, 56 | SYSZ_REG_3, 57 | SYSZ_REG_4, 58 | SYSZ_REG_5, 59 | SYSZ_REG_6, 60 | SYSZ_REG_7, 61 | SYSZ_REG_8, 62 | SYSZ_REG_9, 63 | SYSZ_REG_10, 64 | SYSZ_REG_11, 65 | SYSZ_REG_12, 66 | SYSZ_REG_13, 67 | SYSZ_REG_14, 68 | SYSZ_REG_15, 69 | SYSZ_REG_CC, 70 | SYSZ_REG_F0, 71 | SYSZ_REG_F1, 72 | SYSZ_REG_F2, 73 | SYSZ_REG_F3, 74 | SYSZ_REG_F4, 75 | SYSZ_REG_F5, 76 | SYSZ_REG_F6, 77 | SYSZ_REG_F7, 78 | SYSZ_REG_F8, 79 | SYSZ_REG_F9, 80 | SYSZ_REG_F10, 81 | SYSZ_REG_F11, 82 | SYSZ_REG_F12, 83 | SYSZ_REG_F13, 84 | SYSZ_REG_F14, 85 | SYSZ_REG_F15, 86 | 87 | SYSZ_REG_R0L, 88 | 89 | SYSZ_REG_ENDING, 90 | } sysz_reg; 91 | 92 | // Instruction's operand referring to memory 93 | // This is associated with SYSZ_OP_MEM operand type above 94 | typedef struct sysz_op_mem 95 | { 96 | uint8_t base; // base register, can be safely interpreted as 97 | // a value of type `sysz_reg`, but it is only 98 | // one byte wide 99 | uint8_t index; // index register, same conditions apply here 100 | uint64_t length; // BDLAddr operand 101 | int64_t disp; // displacement/offset value 102 | } sysz_op_mem; 103 | 104 | // Instruction operand 105 | typedef struct cs_sysz_op 106 | { 107 | sysz_op_type type; // operand type 108 | union 109 | { 110 | sysz_reg reg; // register value for REG operand 111 | int64_t imm; // immediate value for IMM operand 112 | sysz_op_mem mem; // base/disp value for MEM operand 113 | }; 114 | } cs_sysz_op; 115 | 116 | // Instruction structure 117 | typedef struct cs_sysz 118 | { 119 | sysz_cc cc; // Code condition 120 | // Number of operands of this instruction, 121 | // or 0 when instruction has no operand. 122 | uint8_t op_count; 123 | cs_sysz_op operands[6]; // operands for this instruction. 124 | } cs_sysz; 125 | 126 | //> SystemZ instruction 127 | typedef enum sysz_insn 128 | { 129 | SYSZ_INS_INVALID = 0, 130 | 131 | SYSZ_INS_A, 132 | SYSZ_INS_ADB, 133 | SYSZ_INS_ADBR, 134 | SYSZ_INS_AEB, 135 | SYSZ_INS_AEBR, 136 | SYSZ_INS_AFI, 137 | SYSZ_INS_AG, 138 | SYSZ_INS_AGF, 139 | SYSZ_INS_AGFI, 140 | SYSZ_INS_AGFR, 141 | SYSZ_INS_AGHI, 142 | SYSZ_INS_AGHIK, 143 | SYSZ_INS_AGR, 144 | SYSZ_INS_AGRK, 145 | SYSZ_INS_AGSI, 146 | SYSZ_INS_AH, 147 | SYSZ_INS_AHI, 148 | SYSZ_INS_AHIK, 149 | SYSZ_INS_AHY, 150 | SYSZ_INS_AIH, 151 | SYSZ_INS_AL, 152 | SYSZ_INS_ALC, 153 | SYSZ_INS_ALCG, 154 | SYSZ_INS_ALCGR, 155 | SYSZ_INS_ALCR, 156 | SYSZ_INS_ALFI, 157 | SYSZ_INS_ALG, 158 | SYSZ_INS_ALGF, 159 | SYSZ_INS_ALGFI, 160 | SYSZ_INS_ALGFR, 161 | SYSZ_INS_ALGHSIK, 162 | SYSZ_INS_ALGR, 163 | SYSZ_INS_ALGRK, 164 | SYSZ_INS_ALHSIK, 165 | SYSZ_INS_ALR, 166 | SYSZ_INS_ALRK, 167 | SYSZ_INS_ALY, 168 | SYSZ_INS_AR, 169 | SYSZ_INS_ARK, 170 | SYSZ_INS_ASI, 171 | SYSZ_INS_AXBR, 172 | SYSZ_INS_AY, 173 | SYSZ_INS_BCR, 174 | SYSZ_INS_BRC, 175 | SYSZ_INS_BRCL, 176 | SYSZ_INS_CGIJ, 177 | SYSZ_INS_CGRJ, 178 | SYSZ_INS_CIJ, 179 | SYSZ_INS_CLGIJ, 180 | SYSZ_INS_CLGRJ, 181 | SYSZ_INS_CLIJ, 182 | SYSZ_INS_CLRJ, 183 | SYSZ_INS_CRJ, 184 | SYSZ_INS_BER, 185 | SYSZ_INS_JE, 186 | SYSZ_INS_JGE, 187 | SYSZ_INS_LOCE, 188 | SYSZ_INS_LOCGE, 189 | SYSZ_INS_LOCGRE, 190 | SYSZ_INS_LOCRE, 191 | SYSZ_INS_STOCE, 192 | SYSZ_INS_STOCGE, 193 | SYSZ_INS_BHR, 194 | SYSZ_INS_BHER, 195 | SYSZ_INS_JHE, 196 | SYSZ_INS_JGHE, 197 | SYSZ_INS_LOCHE, 198 | SYSZ_INS_LOCGHE, 199 | SYSZ_INS_LOCGRHE, 200 | SYSZ_INS_LOCRHE, 201 | SYSZ_INS_STOCHE, 202 | SYSZ_INS_STOCGHE, 203 | SYSZ_INS_JH, 204 | SYSZ_INS_JGH, 205 | SYSZ_INS_LOCH, 206 | SYSZ_INS_LOCGH, 207 | SYSZ_INS_LOCGRH, 208 | SYSZ_INS_LOCRH, 209 | SYSZ_INS_STOCH, 210 | SYSZ_INS_STOCGH, 211 | SYSZ_INS_CGIJNLH, 212 | SYSZ_INS_CGRJNLH, 213 | SYSZ_INS_CIJNLH, 214 | SYSZ_INS_CLGIJNLH, 215 | SYSZ_INS_CLGRJNLH, 216 | SYSZ_INS_CLIJNLH, 217 | SYSZ_INS_CLRJNLH, 218 | SYSZ_INS_CRJNLH, 219 | SYSZ_INS_CGIJE, 220 | SYSZ_INS_CGRJE, 221 | SYSZ_INS_CIJE, 222 | SYSZ_INS_CLGIJE, 223 | SYSZ_INS_CLGRJE, 224 | SYSZ_INS_CLIJE, 225 | SYSZ_INS_CLRJE, 226 | SYSZ_INS_CRJE, 227 | SYSZ_INS_CGIJNLE, 228 | SYSZ_INS_CGRJNLE, 229 | SYSZ_INS_CIJNLE, 230 | SYSZ_INS_CLGIJNLE, 231 | SYSZ_INS_CLGRJNLE, 232 | SYSZ_INS_CLIJNLE, 233 | SYSZ_INS_CLRJNLE, 234 | SYSZ_INS_CRJNLE, 235 | SYSZ_INS_CGIJH, 236 | SYSZ_INS_CGRJH, 237 | SYSZ_INS_CIJH, 238 | SYSZ_INS_CLGIJH, 239 | SYSZ_INS_CLGRJH, 240 | SYSZ_INS_CLIJH, 241 | SYSZ_INS_CLRJH, 242 | SYSZ_INS_CRJH, 243 | SYSZ_INS_CGIJNL, 244 | SYSZ_INS_CGRJNL, 245 | SYSZ_INS_CIJNL, 246 | SYSZ_INS_CLGIJNL, 247 | SYSZ_INS_CLGRJNL, 248 | SYSZ_INS_CLIJNL, 249 | SYSZ_INS_CLRJNL, 250 | SYSZ_INS_CRJNL, 251 | SYSZ_INS_CGIJHE, 252 | SYSZ_INS_CGRJHE, 253 | SYSZ_INS_CIJHE, 254 | SYSZ_INS_CLGIJHE, 255 | SYSZ_INS_CLGRJHE, 256 | SYSZ_INS_CLIJHE, 257 | SYSZ_INS_CLRJHE, 258 | SYSZ_INS_CRJHE, 259 | SYSZ_INS_CGIJNHE, 260 | SYSZ_INS_CGRJNHE, 261 | SYSZ_INS_CIJNHE, 262 | SYSZ_INS_CLGIJNHE, 263 | SYSZ_INS_CLGRJNHE, 264 | SYSZ_INS_CLIJNHE, 265 | SYSZ_INS_CLRJNHE, 266 | SYSZ_INS_CRJNHE, 267 | SYSZ_INS_CGIJL, 268 | SYSZ_INS_CGRJL, 269 | SYSZ_INS_CIJL, 270 | SYSZ_INS_CLGIJL, 271 | SYSZ_INS_CLGRJL, 272 | SYSZ_INS_CLIJL, 273 | SYSZ_INS_CLRJL, 274 | SYSZ_INS_CRJL, 275 | SYSZ_INS_CGIJNH, 276 | SYSZ_INS_CGRJNH, 277 | SYSZ_INS_CIJNH, 278 | SYSZ_INS_CLGIJNH, 279 | SYSZ_INS_CLGRJNH, 280 | SYSZ_INS_CLIJNH, 281 | SYSZ_INS_CLRJNH, 282 | SYSZ_INS_CRJNH, 283 | SYSZ_INS_CGIJLE, 284 | SYSZ_INS_CGRJLE, 285 | SYSZ_INS_CIJLE, 286 | SYSZ_INS_CLGIJLE, 287 | SYSZ_INS_CLGRJLE, 288 | SYSZ_INS_CLIJLE, 289 | SYSZ_INS_CLRJLE, 290 | SYSZ_INS_CRJLE, 291 | SYSZ_INS_CGIJNE, 292 | SYSZ_INS_CGRJNE, 293 | SYSZ_INS_CIJNE, 294 | SYSZ_INS_CLGIJNE, 295 | SYSZ_INS_CLGRJNE, 296 | SYSZ_INS_CLIJNE, 297 | SYSZ_INS_CLRJNE, 298 | SYSZ_INS_CRJNE, 299 | SYSZ_INS_CGIJLH, 300 | SYSZ_INS_CGRJLH, 301 | SYSZ_INS_CIJLH, 302 | SYSZ_INS_CLGIJLH, 303 | SYSZ_INS_CLGRJLH, 304 | SYSZ_INS_CLIJLH, 305 | SYSZ_INS_CLRJLH, 306 | SYSZ_INS_CRJLH, 307 | SYSZ_INS_BLR, 308 | SYSZ_INS_BLER, 309 | SYSZ_INS_JLE, 310 | SYSZ_INS_JGLE, 311 | SYSZ_INS_LOCLE, 312 | SYSZ_INS_LOCGLE, 313 | SYSZ_INS_LOCGRLE, 314 | SYSZ_INS_LOCRLE, 315 | SYSZ_INS_STOCLE, 316 | SYSZ_INS_STOCGLE, 317 | SYSZ_INS_BLHR, 318 | SYSZ_INS_JLH, 319 | SYSZ_INS_JGLH, 320 | SYSZ_INS_LOCLH, 321 | SYSZ_INS_LOCGLH, 322 | SYSZ_INS_LOCGRLH, 323 | SYSZ_INS_LOCRLH, 324 | SYSZ_INS_STOCLH, 325 | SYSZ_INS_STOCGLH, 326 | SYSZ_INS_JL, 327 | SYSZ_INS_JGL, 328 | SYSZ_INS_LOCL, 329 | SYSZ_INS_LOCGL, 330 | SYSZ_INS_LOCGRL, 331 | SYSZ_INS_LOCRL, 332 | SYSZ_INS_LOC, 333 | SYSZ_INS_LOCG, 334 | SYSZ_INS_LOCGR, 335 | SYSZ_INS_LOCR, 336 | SYSZ_INS_STOCL, 337 | SYSZ_INS_STOCGL, 338 | SYSZ_INS_BNER, 339 | SYSZ_INS_JNE, 340 | SYSZ_INS_JGNE, 341 | SYSZ_INS_LOCNE, 342 | SYSZ_INS_LOCGNE, 343 | SYSZ_INS_LOCGRNE, 344 | SYSZ_INS_LOCRNE, 345 | SYSZ_INS_STOCNE, 346 | SYSZ_INS_STOCGNE, 347 | SYSZ_INS_BNHR, 348 | SYSZ_INS_BNHER, 349 | SYSZ_INS_JNHE, 350 | SYSZ_INS_JGNHE, 351 | SYSZ_INS_LOCNHE, 352 | SYSZ_INS_LOCGNHE, 353 | SYSZ_INS_LOCGRNHE, 354 | SYSZ_INS_LOCRNHE, 355 | SYSZ_INS_STOCNHE, 356 | SYSZ_INS_STOCGNHE, 357 | SYSZ_INS_JNH, 358 | SYSZ_INS_JGNH, 359 | SYSZ_INS_LOCNH, 360 | SYSZ_INS_LOCGNH, 361 | SYSZ_INS_LOCGRNH, 362 | SYSZ_INS_LOCRNH, 363 | SYSZ_INS_STOCNH, 364 | SYSZ_INS_STOCGNH, 365 | SYSZ_INS_BNLR, 366 | SYSZ_INS_BNLER, 367 | SYSZ_INS_JNLE, 368 | SYSZ_INS_JGNLE, 369 | SYSZ_INS_LOCNLE, 370 | SYSZ_INS_LOCGNLE, 371 | SYSZ_INS_LOCGRNLE, 372 | SYSZ_INS_LOCRNLE, 373 | SYSZ_INS_STOCNLE, 374 | SYSZ_INS_STOCGNLE, 375 | SYSZ_INS_BNLHR, 376 | SYSZ_INS_JNLH, 377 | SYSZ_INS_JGNLH, 378 | SYSZ_INS_LOCNLH, 379 | SYSZ_INS_LOCGNLH, 380 | SYSZ_INS_LOCGRNLH, 381 | SYSZ_INS_LOCRNLH, 382 | SYSZ_INS_STOCNLH, 383 | SYSZ_INS_STOCGNLH, 384 | SYSZ_INS_JNL, 385 | SYSZ_INS_JGNL, 386 | SYSZ_INS_LOCNL, 387 | SYSZ_INS_LOCGNL, 388 | SYSZ_INS_LOCGRNL, 389 | SYSZ_INS_LOCRNL, 390 | SYSZ_INS_STOCNL, 391 | SYSZ_INS_STOCGNL, 392 | SYSZ_INS_BNOR, 393 | SYSZ_INS_JNO, 394 | SYSZ_INS_JGNO, 395 | SYSZ_INS_LOCNO, 396 | SYSZ_INS_LOCGNO, 397 | SYSZ_INS_LOCGRNO, 398 | SYSZ_INS_LOCRNO, 399 | SYSZ_INS_STOCNO, 400 | SYSZ_INS_STOCGNO, 401 | SYSZ_INS_BOR, 402 | SYSZ_INS_JO, 403 | SYSZ_INS_JGO, 404 | SYSZ_INS_LOCO, 405 | SYSZ_INS_LOCGO, 406 | SYSZ_INS_LOCGRO, 407 | SYSZ_INS_LOCRO, 408 | SYSZ_INS_STOCO, 409 | SYSZ_INS_STOCGO, 410 | SYSZ_INS_STOC, 411 | SYSZ_INS_STOCG, 412 | SYSZ_INS_BASR, 413 | SYSZ_INS_BR, 414 | SYSZ_INS_BRAS, 415 | SYSZ_INS_BRASL, 416 | SYSZ_INS_J, 417 | SYSZ_INS_JG, 418 | SYSZ_INS_BRCT, 419 | SYSZ_INS_BRCTG, 420 | SYSZ_INS_C, 421 | SYSZ_INS_CDB, 422 | SYSZ_INS_CDBR, 423 | SYSZ_INS_CDFBR, 424 | SYSZ_INS_CDGBR, 425 | SYSZ_INS_CDLFBR, 426 | SYSZ_INS_CDLGBR, 427 | SYSZ_INS_CEB, 428 | SYSZ_INS_CEBR, 429 | SYSZ_INS_CEFBR, 430 | SYSZ_INS_CEGBR, 431 | SYSZ_INS_CELFBR, 432 | SYSZ_INS_CELGBR, 433 | SYSZ_INS_CFDBR, 434 | SYSZ_INS_CFEBR, 435 | SYSZ_INS_CFI, 436 | SYSZ_INS_CFXBR, 437 | SYSZ_INS_CG, 438 | SYSZ_INS_CGDBR, 439 | SYSZ_INS_CGEBR, 440 | SYSZ_INS_CGF, 441 | SYSZ_INS_CGFI, 442 | SYSZ_INS_CGFR, 443 | SYSZ_INS_CGFRL, 444 | SYSZ_INS_CGH, 445 | SYSZ_INS_CGHI, 446 | SYSZ_INS_CGHRL, 447 | SYSZ_INS_CGHSI, 448 | SYSZ_INS_CGR, 449 | SYSZ_INS_CGRL, 450 | SYSZ_INS_CGXBR, 451 | SYSZ_INS_CH, 452 | SYSZ_INS_CHF, 453 | SYSZ_INS_CHHSI, 454 | SYSZ_INS_CHI, 455 | SYSZ_INS_CHRL, 456 | SYSZ_INS_CHSI, 457 | SYSZ_INS_CHY, 458 | SYSZ_INS_CIH, 459 | SYSZ_INS_CL, 460 | SYSZ_INS_CLC, 461 | SYSZ_INS_CLFDBR, 462 | SYSZ_INS_CLFEBR, 463 | SYSZ_INS_CLFHSI, 464 | SYSZ_INS_CLFI, 465 | SYSZ_INS_CLFXBR, 466 | SYSZ_INS_CLG, 467 | SYSZ_INS_CLGDBR, 468 | SYSZ_INS_CLGEBR, 469 | SYSZ_INS_CLGF, 470 | SYSZ_INS_CLGFI, 471 | SYSZ_INS_CLGFR, 472 | SYSZ_INS_CLGFRL, 473 | SYSZ_INS_CLGHRL, 474 | SYSZ_INS_CLGHSI, 475 | SYSZ_INS_CLGR, 476 | SYSZ_INS_CLGRL, 477 | SYSZ_INS_CLGXBR, 478 | SYSZ_INS_CLHF, 479 | SYSZ_INS_CLHHSI, 480 | SYSZ_INS_CLHRL, 481 | SYSZ_INS_CLI, 482 | SYSZ_INS_CLIH, 483 | SYSZ_INS_CLIY, 484 | SYSZ_INS_CLR, 485 | SYSZ_INS_CLRL, 486 | SYSZ_INS_CLST, 487 | SYSZ_INS_CLY, 488 | SYSZ_INS_CPSDR, 489 | SYSZ_INS_CR, 490 | SYSZ_INS_CRL, 491 | SYSZ_INS_CS, 492 | SYSZ_INS_CSG, 493 | SYSZ_INS_CSY, 494 | SYSZ_INS_CXBR, 495 | SYSZ_INS_CXFBR, 496 | SYSZ_INS_CXGBR, 497 | SYSZ_INS_CXLFBR, 498 | SYSZ_INS_CXLGBR, 499 | SYSZ_INS_CY, 500 | SYSZ_INS_DDB, 501 | SYSZ_INS_DDBR, 502 | SYSZ_INS_DEB, 503 | SYSZ_INS_DEBR, 504 | SYSZ_INS_DL, 505 | SYSZ_INS_DLG, 506 | SYSZ_INS_DLGR, 507 | SYSZ_INS_DLR, 508 | SYSZ_INS_DSG, 509 | SYSZ_INS_DSGF, 510 | SYSZ_INS_DSGFR, 511 | SYSZ_INS_DSGR, 512 | SYSZ_INS_DXBR, 513 | SYSZ_INS_EAR, 514 | SYSZ_INS_FIDBR, 515 | SYSZ_INS_FIDBRA, 516 | SYSZ_INS_FIEBR, 517 | SYSZ_INS_FIEBRA, 518 | SYSZ_INS_FIXBR, 519 | SYSZ_INS_FIXBRA, 520 | SYSZ_INS_FLOGR, 521 | SYSZ_INS_IC, 522 | SYSZ_INS_ICY, 523 | SYSZ_INS_IIHF, 524 | SYSZ_INS_IIHH, 525 | SYSZ_INS_IIHL, 526 | SYSZ_INS_IILF, 527 | SYSZ_INS_IILH, 528 | SYSZ_INS_IILL, 529 | SYSZ_INS_IPM, 530 | SYSZ_INS_L, 531 | SYSZ_INS_LA, 532 | SYSZ_INS_LAA, 533 | SYSZ_INS_LAAG, 534 | SYSZ_INS_LAAL, 535 | SYSZ_INS_LAALG, 536 | SYSZ_INS_LAN, 537 | SYSZ_INS_LANG, 538 | SYSZ_INS_LAO, 539 | SYSZ_INS_LAOG, 540 | SYSZ_INS_LARL, 541 | SYSZ_INS_LAX, 542 | SYSZ_INS_LAXG, 543 | SYSZ_INS_LAY, 544 | SYSZ_INS_LB, 545 | SYSZ_INS_LBH, 546 | SYSZ_INS_LBR, 547 | SYSZ_INS_LCDBR, 548 | SYSZ_INS_LCEBR, 549 | SYSZ_INS_LCGFR, 550 | SYSZ_INS_LCGR, 551 | SYSZ_INS_LCR, 552 | SYSZ_INS_LCXBR, 553 | SYSZ_INS_LD, 554 | SYSZ_INS_LDEB, 555 | SYSZ_INS_LDEBR, 556 | SYSZ_INS_LDGR, 557 | SYSZ_INS_LDR, 558 | SYSZ_INS_LDXBR, 559 | SYSZ_INS_LDXBRA, 560 | SYSZ_INS_LDY, 561 | SYSZ_INS_LE, 562 | SYSZ_INS_LEDBR, 563 | SYSZ_INS_LEDBRA, 564 | SYSZ_INS_LER, 565 | SYSZ_INS_LEXBR, 566 | SYSZ_INS_LEXBRA, 567 | SYSZ_INS_LEY, 568 | SYSZ_INS_LFH, 569 | SYSZ_INS_LG, 570 | SYSZ_INS_LGB, 571 | SYSZ_INS_LGBR, 572 | SYSZ_INS_LGDR, 573 | SYSZ_INS_LGF, 574 | SYSZ_INS_LGFI, 575 | SYSZ_INS_LGFR, 576 | SYSZ_INS_LGFRL, 577 | SYSZ_INS_LGH, 578 | SYSZ_INS_LGHI, 579 | SYSZ_INS_LGHR, 580 | SYSZ_INS_LGHRL, 581 | SYSZ_INS_LGR, 582 | SYSZ_INS_LGRL, 583 | SYSZ_INS_LH, 584 | SYSZ_INS_LHH, 585 | SYSZ_INS_LHI, 586 | SYSZ_INS_LHR, 587 | SYSZ_INS_LHRL, 588 | SYSZ_INS_LHY, 589 | SYSZ_INS_LLC, 590 | SYSZ_INS_LLCH, 591 | SYSZ_INS_LLCR, 592 | SYSZ_INS_LLGC, 593 | SYSZ_INS_LLGCR, 594 | SYSZ_INS_LLGF, 595 | SYSZ_INS_LLGFR, 596 | SYSZ_INS_LLGFRL, 597 | SYSZ_INS_LLGH, 598 | SYSZ_INS_LLGHR, 599 | SYSZ_INS_LLGHRL, 600 | SYSZ_INS_LLH, 601 | SYSZ_INS_LLHH, 602 | SYSZ_INS_LLHR, 603 | SYSZ_INS_LLHRL, 604 | SYSZ_INS_LLIHF, 605 | SYSZ_INS_LLIHH, 606 | SYSZ_INS_LLIHL, 607 | SYSZ_INS_LLILF, 608 | SYSZ_INS_LLILH, 609 | SYSZ_INS_LLILL, 610 | SYSZ_INS_LMG, 611 | SYSZ_INS_LNDBR, 612 | SYSZ_INS_LNEBR, 613 | SYSZ_INS_LNGFR, 614 | SYSZ_INS_LNGR, 615 | SYSZ_INS_LNR, 616 | SYSZ_INS_LNXBR, 617 | SYSZ_INS_LPDBR, 618 | SYSZ_INS_LPEBR, 619 | SYSZ_INS_LPGFR, 620 | SYSZ_INS_LPGR, 621 | SYSZ_INS_LPR, 622 | SYSZ_INS_LPXBR, 623 | SYSZ_INS_LR, 624 | SYSZ_INS_LRL, 625 | SYSZ_INS_LRV, 626 | SYSZ_INS_LRVG, 627 | SYSZ_INS_LRVGR, 628 | SYSZ_INS_LRVR, 629 | SYSZ_INS_LT, 630 | SYSZ_INS_LTDBR, 631 | SYSZ_INS_LTEBR, 632 | SYSZ_INS_LTG, 633 | SYSZ_INS_LTGF, 634 | SYSZ_INS_LTGFR, 635 | SYSZ_INS_LTGR, 636 | SYSZ_INS_LTR, 637 | SYSZ_INS_LTXBR, 638 | SYSZ_INS_LXDB, 639 | SYSZ_INS_LXDBR, 640 | SYSZ_INS_LXEB, 641 | SYSZ_INS_LXEBR, 642 | SYSZ_INS_LXR, 643 | SYSZ_INS_LY, 644 | SYSZ_INS_LZDR, 645 | SYSZ_INS_LZER, 646 | SYSZ_INS_LZXR, 647 | SYSZ_INS_MADB, 648 | SYSZ_INS_MADBR, 649 | SYSZ_INS_MAEB, 650 | SYSZ_INS_MAEBR, 651 | SYSZ_INS_MDB, 652 | SYSZ_INS_MDBR, 653 | SYSZ_INS_MDEB, 654 | SYSZ_INS_MDEBR, 655 | SYSZ_INS_MEEB, 656 | SYSZ_INS_MEEBR, 657 | SYSZ_INS_MGHI, 658 | SYSZ_INS_MH, 659 | SYSZ_INS_MHI, 660 | SYSZ_INS_MHY, 661 | SYSZ_INS_MLG, 662 | SYSZ_INS_MLGR, 663 | SYSZ_INS_MS, 664 | SYSZ_INS_MSDB, 665 | SYSZ_INS_MSDBR, 666 | SYSZ_INS_MSEB, 667 | SYSZ_INS_MSEBR, 668 | SYSZ_INS_MSFI, 669 | SYSZ_INS_MSG, 670 | SYSZ_INS_MSGF, 671 | SYSZ_INS_MSGFI, 672 | SYSZ_INS_MSGFR, 673 | SYSZ_INS_MSGR, 674 | SYSZ_INS_MSR, 675 | SYSZ_INS_MSY, 676 | SYSZ_INS_MVC, 677 | SYSZ_INS_MVGHI, 678 | SYSZ_INS_MVHHI, 679 | SYSZ_INS_MVHI, 680 | SYSZ_INS_MVI, 681 | SYSZ_INS_MVIY, 682 | SYSZ_INS_MVST, 683 | SYSZ_INS_MXBR, 684 | SYSZ_INS_MXDB, 685 | SYSZ_INS_MXDBR, 686 | SYSZ_INS_N, 687 | SYSZ_INS_NC, 688 | SYSZ_INS_NG, 689 | SYSZ_INS_NGR, 690 | SYSZ_INS_NGRK, 691 | SYSZ_INS_NI, 692 | SYSZ_INS_NIHF, 693 | SYSZ_INS_NIHH, 694 | SYSZ_INS_NIHL, 695 | SYSZ_INS_NILF, 696 | SYSZ_INS_NILH, 697 | SYSZ_INS_NILL, 698 | SYSZ_INS_NIY, 699 | SYSZ_INS_NR, 700 | SYSZ_INS_NRK, 701 | SYSZ_INS_NY, 702 | SYSZ_INS_O, 703 | SYSZ_INS_OC, 704 | SYSZ_INS_OG, 705 | SYSZ_INS_OGR, 706 | SYSZ_INS_OGRK, 707 | SYSZ_INS_OI, 708 | SYSZ_INS_OIHF, 709 | SYSZ_INS_OIHH, 710 | SYSZ_INS_OIHL, 711 | SYSZ_INS_OILF, 712 | SYSZ_INS_OILH, 713 | SYSZ_INS_OILL, 714 | SYSZ_INS_OIY, 715 | SYSZ_INS_OR, 716 | SYSZ_INS_ORK, 717 | SYSZ_INS_OY, 718 | SYSZ_INS_PFD, 719 | SYSZ_INS_PFDRL, 720 | SYSZ_INS_RISBG, 721 | SYSZ_INS_RISBHG, 722 | SYSZ_INS_RISBLG, 723 | SYSZ_INS_RLL, 724 | SYSZ_INS_RLLG, 725 | SYSZ_INS_RNSBG, 726 | SYSZ_INS_ROSBG, 727 | SYSZ_INS_RXSBG, 728 | SYSZ_INS_S, 729 | SYSZ_INS_SDB, 730 | SYSZ_INS_SDBR, 731 | SYSZ_INS_SEB, 732 | SYSZ_INS_SEBR, 733 | SYSZ_INS_SG, 734 | SYSZ_INS_SGF, 735 | SYSZ_INS_SGFR, 736 | SYSZ_INS_SGR, 737 | SYSZ_INS_SGRK, 738 | SYSZ_INS_SH, 739 | SYSZ_INS_SHY, 740 | SYSZ_INS_SL, 741 | SYSZ_INS_SLB, 742 | SYSZ_INS_SLBG, 743 | SYSZ_INS_SLBR, 744 | SYSZ_INS_SLFI, 745 | SYSZ_INS_SLG, 746 | SYSZ_INS_SLBGR, 747 | SYSZ_INS_SLGF, 748 | SYSZ_INS_SLGFI, 749 | SYSZ_INS_SLGFR, 750 | SYSZ_INS_SLGR, 751 | SYSZ_INS_SLGRK, 752 | SYSZ_INS_SLL, 753 | SYSZ_INS_SLLG, 754 | SYSZ_INS_SLLK, 755 | SYSZ_INS_SLR, 756 | SYSZ_INS_SLRK, 757 | SYSZ_INS_SLY, 758 | SYSZ_INS_SQDB, 759 | SYSZ_INS_SQDBR, 760 | SYSZ_INS_SQEB, 761 | SYSZ_INS_SQEBR, 762 | SYSZ_INS_SQXBR, 763 | SYSZ_INS_SR, 764 | SYSZ_INS_SRA, 765 | SYSZ_INS_SRAG, 766 | SYSZ_INS_SRAK, 767 | SYSZ_INS_SRK, 768 | SYSZ_INS_SRL, 769 | SYSZ_INS_SRLG, 770 | SYSZ_INS_SRLK, 771 | SYSZ_INS_SRST, 772 | SYSZ_INS_ST, 773 | SYSZ_INS_STC, 774 | SYSZ_INS_STCH, 775 | SYSZ_INS_STCY, 776 | SYSZ_INS_STD, 777 | SYSZ_INS_STDY, 778 | SYSZ_INS_STE, 779 | SYSZ_INS_STEY, 780 | SYSZ_INS_STFH, 781 | SYSZ_INS_STG, 782 | SYSZ_INS_STGRL, 783 | SYSZ_INS_STH, 784 | SYSZ_INS_STHH, 785 | SYSZ_INS_STHRL, 786 | SYSZ_INS_STHY, 787 | SYSZ_INS_STMG, 788 | SYSZ_INS_STRL, 789 | SYSZ_INS_STRV, 790 | SYSZ_INS_STRVG, 791 | SYSZ_INS_STY, 792 | SYSZ_INS_SXBR, 793 | SYSZ_INS_SY, 794 | SYSZ_INS_TM, 795 | SYSZ_INS_TMHH, 796 | SYSZ_INS_TMHL, 797 | SYSZ_INS_TMLH, 798 | SYSZ_INS_TMLL, 799 | SYSZ_INS_TMY, 800 | SYSZ_INS_X, 801 | SYSZ_INS_XC, 802 | SYSZ_INS_XG, 803 | SYSZ_INS_XGR, 804 | SYSZ_INS_XGRK, 805 | SYSZ_INS_XI, 806 | SYSZ_INS_XIHF, 807 | SYSZ_INS_XILF, 808 | SYSZ_INS_XIY, 809 | SYSZ_INS_XR, 810 | SYSZ_INS_XRK, 811 | SYSZ_INS_XY, 812 | 813 | SYSZ_INS_ENDING, // <-- mark the end of the list of instructions 814 | } sysz_insn; 815 | 816 | //> Group of SystemZ instructions 817 | typedef enum sysz_insn_group 818 | { 819 | SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID 820 | 821 | //> Generic groups 822 | // all jump instructions (conditional+direct+indirect jumps) 823 | SYSZ_GRP_JUMP, // = CS_GRP_JUMP 824 | 825 | //> Architecture-specific groups 826 | SYSZ_GRP_DISTINCTOPS = 128, 827 | SYSZ_GRP_FPEXTENSION, 828 | SYSZ_GRP_HIGHWORD, 829 | SYSZ_GRP_INTERLOCKEDACCESS1, 830 | SYSZ_GRP_LOADSTOREONCOND, 831 | 832 | SYSZ_GRP_ENDING, // <-- mark the end of the list of groups 833 | } sysz_insn_group; 834 | 835 | #ifdef __cplusplus 836 | } 837 | #endif 838 | 839 | #endif 840 | -------------------------------------------------------------------------------- /capstone/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014-2015 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include "platform.h" 12 | 13 | #ifdef _MSC_VER 14 | #pragma warning(disable:4201) 15 | #endif 16 | 17 | //> Operand type for instruction's operands 18 | typedef enum xcore_op_type 19 | { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | //> XCore registers 27 | typedef enum xcore_reg 28 | { 29 | XCORE_REG_INVALID = 0, 30 | 31 | XCORE_REG_CP, 32 | XCORE_REG_DP, 33 | XCORE_REG_LR, 34 | XCORE_REG_SP, 35 | XCORE_REG_R0, 36 | XCORE_REG_R1, 37 | XCORE_REG_R2, 38 | XCORE_REG_R3, 39 | XCORE_REG_R4, 40 | XCORE_REG_R5, 41 | XCORE_REG_R6, 42 | XCORE_REG_R7, 43 | XCORE_REG_R8, 44 | XCORE_REG_R9, 45 | XCORE_REG_R10, 46 | XCORE_REG_R11, 47 | 48 | //> pseudo registers 49 | XCORE_REG_PC, // pc 50 | 51 | // internal thread registers 52 | // see The-XMOS-XS1-Architecture(X7879A).pdf 53 | XCORE_REG_SCP, // save pc 54 | XCORE_REG_SSR, // save status 55 | XCORE_REG_ET, // exception type 56 | XCORE_REG_ED, // exception data 57 | XCORE_REG_SED, // save exception data 58 | XCORE_REG_KEP, // kernel entry pointer 59 | XCORE_REG_KSP, // kernel stack pointer 60 | XCORE_REG_ID, // thread ID 61 | 62 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 63 | } xcore_reg; 64 | 65 | // Instruction's operand referring to memory 66 | // This is associated with XCORE_OP_MEM operand type above 67 | typedef struct xcore_op_mem 68 | { 69 | uint8_t base; // base register, can be safely interpreted as 70 | // a value of type `xcore_reg`, but it is only 71 | // one byte wide 72 | uint8_t index; // index register, same conditions apply here 73 | int32_t disp; // displacement/offset value 74 | int direct; // +1: forward, -1: backward 75 | } xcore_op_mem; 76 | 77 | // Instruction operand 78 | typedef struct cs_xcore_op 79 | { 80 | xcore_op_type type; // operand type 81 | union 82 | { 83 | xcore_reg reg; // register value for REG operand 84 | int32_t imm; // immediate value for IMM operand 85 | xcore_op_mem mem; // base/disp value for MEM operand 86 | }; 87 | } cs_xcore_op; 88 | 89 | // Instruction structure 90 | typedef struct cs_xcore 91 | { 92 | // Number of operands of this instruction, 93 | // or 0 when instruction has no operand. 94 | uint8_t op_count; 95 | cs_xcore_op operands[8]; // operands for this instruction. 96 | } cs_xcore; 97 | 98 | //> XCore instruction 99 | typedef enum xcore_insn 100 | { 101 | XCORE_INS_INVALID = 0, 102 | 103 | XCORE_INS_ADD, 104 | XCORE_INS_ANDNOT, 105 | XCORE_INS_AND, 106 | XCORE_INS_ASHR, 107 | XCORE_INS_BAU, 108 | XCORE_INS_BITREV, 109 | XCORE_INS_BLA, 110 | XCORE_INS_BLAT, 111 | XCORE_INS_BL, 112 | XCORE_INS_BF, 113 | XCORE_INS_BT, 114 | XCORE_INS_BU, 115 | XCORE_INS_BRU, 116 | XCORE_INS_BYTEREV, 117 | XCORE_INS_CHKCT, 118 | XCORE_INS_CLRE, 119 | XCORE_INS_CLRPT, 120 | XCORE_INS_CLRSR, 121 | XCORE_INS_CLZ, 122 | XCORE_INS_CRC8, 123 | XCORE_INS_CRC32, 124 | XCORE_INS_DCALL, 125 | XCORE_INS_DENTSP, 126 | XCORE_INS_DGETREG, 127 | XCORE_INS_DIVS, 128 | XCORE_INS_DIVU, 129 | XCORE_INS_DRESTSP, 130 | XCORE_INS_DRET, 131 | XCORE_INS_ECALLF, 132 | XCORE_INS_ECALLT, 133 | XCORE_INS_EDU, 134 | XCORE_INS_EEF, 135 | XCORE_INS_EET, 136 | XCORE_INS_EEU, 137 | XCORE_INS_ENDIN, 138 | XCORE_INS_ENTSP, 139 | XCORE_INS_EQ, 140 | XCORE_INS_EXTDP, 141 | XCORE_INS_EXTSP, 142 | XCORE_INS_FREER, 143 | XCORE_INS_FREET, 144 | XCORE_INS_GETD, 145 | XCORE_INS_GET, 146 | XCORE_INS_GETN, 147 | XCORE_INS_GETR, 148 | XCORE_INS_GETSR, 149 | XCORE_INS_GETST, 150 | XCORE_INS_GETTS, 151 | XCORE_INS_INCT, 152 | XCORE_INS_INIT, 153 | XCORE_INS_INPW, 154 | XCORE_INS_INSHR, 155 | XCORE_INS_INT, 156 | XCORE_INS_IN, 157 | XCORE_INS_KCALL, 158 | XCORE_INS_KENTSP, 159 | XCORE_INS_KRESTSP, 160 | XCORE_INS_KRET, 161 | XCORE_INS_LADD, 162 | XCORE_INS_LD16S, 163 | XCORE_INS_LD8U, 164 | XCORE_INS_LDA16, 165 | XCORE_INS_LDAP, 166 | XCORE_INS_LDAW, 167 | XCORE_INS_LDC, 168 | XCORE_INS_LDW, 169 | XCORE_INS_LDIVU, 170 | XCORE_INS_LMUL, 171 | XCORE_INS_LSS, 172 | XCORE_INS_LSUB, 173 | XCORE_INS_LSU, 174 | XCORE_INS_MACCS, 175 | XCORE_INS_MACCU, 176 | XCORE_INS_MJOIN, 177 | XCORE_INS_MKMSK, 178 | XCORE_INS_MSYNC, 179 | XCORE_INS_MUL, 180 | XCORE_INS_NEG, 181 | XCORE_INS_NOT, 182 | XCORE_INS_OR, 183 | XCORE_INS_OUTCT, 184 | XCORE_INS_OUTPW, 185 | XCORE_INS_OUTSHR, 186 | XCORE_INS_OUTT, 187 | XCORE_INS_OUT, 188 | XCORE_INS_PEEK, 189 | XCORE_INS_REMS, 190 | XCORE_INS_REMU, 191 | XCORE_INS_RETSP, 192 | XCORE_INS_SETCLK, 193 | XCORE_INS_SET, 194 | XCORE_INS_SETC, 195 | XCORE_INS_SETD, 196 | XCORE_INS_SETEV, 197 | XCORE_INS_SETN, 198 | XCORE_INS_SETPSC, 199 | XCORE_INS_SETPT, 200 | XCORE_INS_SETRDY, 201 | XCORE_INS_SETSR, 202 | XCORE_INS_SETTW, 203 | XCORE_INS_SETV, 204 | XCORE_INS_SEXT, 205 | XCORE_INS_SHL, 206 | XCORE_INS_SHR, 207 | XCORE_INS_SSYNC, 208 | XCORE_INS_ST16, 209 | XCORE_INS_ST8, 210 | XCORE_INS_STW, 211 | XCORE_INS_SUB, 212 | XCORE_INS_SYNCR, 213 | XCORE_INS_TESTCT, 214 | XCORE_INS_TESTLCL, 215 | XCORE_INS_TESTWCT, 216 | XCORE_INS_TSETMR, 217 | XCORE_INS_START, 218 | XCORE_INS_WAITEF, 219 | XCORE_INS_WAITET, 220 | XCORE_INS_WAITEU, 221 | XCORE_INS_XOR, 222 | XCORE_INS_ZEXT, 223 | 224 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 225 | } xcore_insn; 226 | 227 | //> Group of XCore instructions 228 | typedef enum xcore_insn_group 229 | { 230 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 231 | 232 | //> Generic groups 233 | // all jump instructions (conditional+direct+indirect jumps) 234 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 235 | 236 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 237 | } xcore_insn_group; 238 | 239 | #ifdef __cplusplus 240 | } 241 | #endif 242 | 243 | #endif 244 | -------------------------------------------------------------------------------- /capstone_wrapper.cpp: -------------------------------------------------------------------------------- 1 | #include "capstone_wrapper.h" 2 | #include 3 | 4 | csh Capstone::mHandle = 0; 5 | bool Capstone::mInitialized = false; 6 | 7 | static void customMnem(csh handle, x86_insn mnem, const char* alias) 8 | { 9 | cs_opt_mnem om = { mnem, alias }; 10 | cs_option(handle, CS_OPT_MNEMONIC, (size_t)&om); 11 | } 12 | 13 | void Capstone::GlobalInitialize() 14 | { 15 | if(!mInitialized) 16 | { 17 | mInitialized = true; 18 | #ifdef _WIN64 19 | cs_open(CS_ARCH_X86, CS_MODE_64, &mHandle); 20 | #else //x86 21 | cs_open(CS_ARCH_X86, CS_MODE_32, &mHandle); 22 | #endif //_WIN64 23 | cs_option(mHandle, CS_OPT_DETAIL, CS_OPT_ON); 24 | customMnem(mHandle, X86_INS_PUSHAL, "pushad"); 25 | customMnem(mHandle, X86_INS_POPAL, "popad"); 26 | } 27 | } 28 | 29 | void Capstone::GlobalFinalize() 30 | { 31 | if(mHandle) //close handle 32 | cs_close(&mHandle); 33 | mInitialized = false; 34 | } 35 | 36 | Capstone::Capstone() 37 | { 38 | GlobalInitialize(); 39 | mInstr = cs_malloc(mHandle); 40 | mSuccess = false; 41 | } 42 | 43 | Capstone::Capstone(const Capstone & capstone) 44 | : mInstr(cs_malloc(mHandle)), 45 | mSuccess(false) 46 | { 47 | } 48 | 49 | Capstone::~Capstone() 50 | { 51 | if(mInstr) //free last disassembled instruction 52 | cs_free(mInstr, 1); 53 | } 54 | 55 | bool Capstone::Disassemble(size_t addr, const unsigned char data[MAX_DISASM_BUFFER]) 56 | { 57 | return Disassemble(addr, data, MAX_DISASM_BUFFER); 58 | } 59 | 60 | bool Capstone::Disassemble(size_t addr, const unsigned char* data, int size) 61 | { 62 | if(!data || !size) 63 | return false; 64 | 65 | size_t codeSize = size; 66 | uint64_t addr64 = addr; 67 | 68 | return (mSuccess = cs_disasm_iter(mHandle, &data, &codeSize, &addr64, mInstr)); 69 | } 70 | 71 | bool Capstone::DisassembleSafe(size_t addr, const unsigned char* data, int size) 72 | { 73 | unsigned char dataSafe[MAX_DISASM_BUFFER]; 74 | memset(dataSafe, 0, sizeof(dataSafe)); 75 | memcpy(dataSafe, data, min(MAX_DISASM_BUFFER, size_t(size))); 76 | return Disassemble(addr, dataSafe); 77 | } 78 | 79 | const cs_insn* Capstone::GetInstr() const 80 | { 81 | if(!Success()) 82 | return nullptr; 83 | return mInstr; 84 | } 85 | 86 | bool Capstone::Success() const 87 | { 88 | return mSuccess; 89 | } 90 | 91 | const char* Capstone::RegName(x86_reg reg) const 92 | { 93 | switch(reg) 94 | { 95 | case X86_REG_ST0: 96 | return "st(0)"; 97 | case X86_REG_ST1: 98 | return "st(1)"; 99 | case X86_REG_ST2: 100 | return "st(2)"; 101 | case X86_REG_ST3: 102 | return "st(3)"; 103 | case X86_REG_ST4: 104 | return "st(4)"; 105 | case X86_REG_ST5: 106 | return "st(5)"; 107 | case X86_REG_ST6: 108 | return "st(6)"; 109 | case X86_REG_ST7: 110 | return "st(7)"; 111 | default: 112 | return cs_reg_name(mHandle, reg); 113 | } 114 | } 115 | 116 | bool Capstone::InGroup(cs_group_type group) const 117 | { 118 | if(!Success()) 119 | return false; 120 | if(group == CS_GRP_PRIVILEGE) 121 | { 122 | auto id = GetId(); 123 | // I/O instructions 124 | if(id == X86_INS_OUT || id == X86_INS_OUTSB || id == X86_INS_OUTSD || id == X86_INS_OUTSW 125 | || id == X86_INS_IN || id == X86_INS_INSB || id == X86_INS_INSD || id == X86_INS_INSW 126 | // system instructions 127 | || id == X86_INS_RDMSR || id == X86_INS_SMSW) 128 | return true; 129 | } 130 | return cs_insn_group(mHandle, mInstr, group); 131 | } 132 | 133 | std::string Capstone::OperandText(int opindex) const 134 | { 135 | if(!Success() || opindex >= mInstr->detail->x86.op_count) 136 | return ""; 137 | const auto & op = mInstr->detail->x86.operands[opindex]; 138 | std::string result; 139 | char temp[32] = ""; 140 | switch(op.type) 141 | { 142 | case X86_OP_REG: 143 | { 144 | result = RegName(x86_reg(op.reg)); 145 | } 146 | break; 147 | 148 | case X86_OP_IMM: 149 | { 150 | sprintf_s(temp, "%llX", op.imm); 151 | result = temp; 152 | } 153 | break; 154 | 155 | case X86_OP_MEM: 156 | { 157 | const auto & mem = op.mem; 158 | if(op.mem.base == X86_REG_RIP) //rip-relative 159 | { 160 | sprintf_s(temp, "%llX", Address() + op.mem.disp + Size()); 161 | result += temp; 162 | } 163 | else //normal 164 | { 165 | bool prependPlus = false; 166 | if(mem.base) 167 | { 168 | result += RegName(x86_reg(mem.base)); 169 | prependPlus = true; 170 | } 171 | if(mem.index) 172 | { 173 | if(prependPlus) 174 | result += "+"; 175 | result += RegName(x86_reg(mem.index)); 176 | sprintf_s(temp, "*%X", mem.scale); 177 | result += temp; 178 | prependPlus = true; 179 | } 180 | if(mem.disp) 181 | { 182 | char operatorText = '+'; 183 | if(mem.disp < 0) 184 | { 185 | operatorText = '-'; 186 | sprintf_s(temp, "%llX", mem.disp * -1); 187 | } 188 | else 189 | sprintf_s(temp, "%llX", mem.disp); 190 | if(prependPlus) 191 | result += operatorText; 192 | result += temp; 193 | } 194 | if(!mem.disp && !mem.base && !mem.index) 195 | result += '0'; 196 | } 197 | } 198 | break; 199 | 200 | case X86_OP_INVALID: 201 | { 202 | } 203 | break; 204 | } 205 | return result; 206 | } 207 | 208 | int Capstone::Size() const 209 | { 210 | if(!Success()) 211 | return 1; 212 | return GetInstr()->size; 213 | } 214 | 215 | size_t Capstone::Address() const 216 | { 217 | if(!Success()) 218 | return 0; 219 | return size_t(GetInstr()->address); 220 | } 221 | 222 | const cs_x86 & Capstone::x86() const 223 | { 224 | if(!Success()) 225 | DebugBreak(); 226 | return GetInstr()->detail->x86; 227 | } 228 | 229 | bool Capstone::IsFilling() const 230 | { 231 | if(!Success()) 232 | return false; 233 | switch(GetId()) 234 | { 235 | case X86_INS_NOP: 236 | case X86_INS_INT3: 237 | return true; 238 | default: 239 | return false; 240 | } 241 | } 242 | 243 | bool Capstone::IsLoop() const 244 | { 245 | if(!Success()) 246 | return false; 247 | switch(GetId()) 248 | { 249 | case X86_INS_LOOP: 250 | case X86_INS_LOOPE: 251 | case X86_INS_LOOPNE: 252 | return true; 253 | default: 254 | return false; 255 | } 256 | } 257 | 258 | x86_insn Capstone::GetId() const 259 | { 260 | if(!Success()) 261 | DebugBreak(); 262 | return x86_insn(mInstr->id); 263 | } 264 | 265 | std::string Capstone::InstructionText(bool replaceRipRelative) const 266 | { 267 | if(!Success()) 268 | return "???"; 269 | std::string result = Mnemonic(); 270 | if(OpCount()) 271 | { 272 | result += " "; 273 | result += mInstr->op_str; 274 | } 275 | #ifdef _WIN64 276 | if(replaceRipRelative) 277 | { 278 | //replace [rip +/- 0x?] with the actual address 279 | bool ripPlus = true; 280 | auto found = result.find("[rip + "); 281 | if(found == std::string::npos) 282 | { 283 | ripPlus = false; 284 | found = result.find("[rip - "); 285 | } 286 | if(found != std::string::npos) 287 | { 288 | auto wVA = Address(); 289 | auto end = result.find("]", found); 290 | auto ripStr = result.substr(found + 1, end - found - 1); 291 | uint64_t offset; 292 | sscanf_s(ripStr.substr(ripStr.rfind(' ') + 1).c_str(), "%llX", &offset); 293 | auto dest = ripPlus ? (wVA + offset + Size()) : (wVA - offset + Size()); 294 | char buf[20]; 295 | sprintf_s(buf, "0x%llx", dest); 296 | result.replace(found + 1, ripStr.length(), buf); 297 | } 298 | } 299 | #endif //_WIN64 300 | return result; 301 | } 302 | 303 | int Capstone::OpCount() const 304 | { 305 | if(!Success()) 306 | return 0; 307 | return x86().op_count; 308 | } 309 | 310 | const cs_x86_op & Capstone::operator[](int index) const 311 | { 312 | if(!Success() || index < 0 || index >= OpCount()) 313 | DebugBreak(); 314 | return x86().operands[index]; 315 | } 316 | 317 | static bool isSafe64NopRegOp(const cs_x86_op & op) 318 | { 319 | if(op.type != X86_OP_REG) 320 | return true; //a non-register is safe 321 | #ifdef _WIN64 322 | switch(op.reg) 323 | { 324 | case X86_REG_EAX: 325 | case X86_REG_EBX: 326 | case X86_REG_ECX: 327 | case X86_REG_EDX: 328 | case X86_REG_EBP: 329 | case X86_REG_ESP: 330 | case X86_REG_ESI: 331 | case X86_REG_EDI: 332 | return false; //32 bit register modifications clear the high part of the 64 bit register 333 | default: 334 | return true; //all other registers are safe 335 | } 336 | #else 337 | return true; 338 | #endif //_WIN64 339 | } 340 | 341 | bool Capstone::IsNop() const 342 | { 343 | if(!Success()) 344 | return false; 345 | const auto & ops = x86().operands; 346 | cs_x86_op op; 347 | switch(GetId()) 348 | { 349 | case X86_INS_NOP: 350 | case X86_INS_PAUSE: 351 | case X86_INS_FNOP: 352 | // nop 353 | return true; 354 | case X86_INS_MOV: 355 | case X86_INS_CMOVA: 356 | case X86_INS_CMOVAE: 357 | case X86_INS_CMOVB: 358 | case X86_INS_CMOVBE: 359 | case X86_INS_CMOVE: 360 | case X86_INS_CMOVNE: 361 | case X86_INS_CMOVG: 362 | case X86_INS_CMOVGE: 363 | case X86_INS_CMOVL: 364 | case X86_INS_CMOVLE: 365 | case X86_INS_CMOVO: 366 | case X86_INS_CMOVNO: 367 | case X86_INS_CMOVP: 368 | case X86_INS_CMOVNP: 369 | case X86_INS_CMOVS: 370 | case X86_INS_CMOVNS: 371 | case X86_INS_MOVAPS: 372 | case X86_INS_MOVAPD: 373 | case X86_INS_MOVUPS: 374 | case X86_INS_MOVUPD: 375 | case X86_INS_XCHG: 376 | // mov edi, edi 377 | return ops[0].type == X86_OP_REG && ops[1].type == X86_OP_REG && ops[0].reg == ops[1].reg && isSafe64NopRegOp(ops[0]); 378 | case X86_INS_LEA: 379 | { 380 | // lea eax, [eax + 0] 381 | auto reg = ops[0].reg; 382 | auto mem = ops[1].mem; 383 | return ops[0].type == X86_OP_REG && ops[1].type == X86_OP_MEM && mem.disp == 0 && 384 | ((mem.index == X86_REG_INVALID && mem.base == reg) || 385 | (mem.index == reg && mem.base == X86_REG_INVALID && mem.scale == 1)) && isSafe64NopRegOp(ops[0]); 386 | } 387 | case X86_INS_JMP: 388 | case X86_INS_JA: 389 | case X86_INS_JAE: 390 | case X86_INS_JB: 391 | case X86_INS_JBE: 392 | case X86_INS_JE: 393 | case X86_INS_JNE: 394 | case X86_INS_JG: 395 | case X86_INS_JGE: 396 | case X86_INS_JL: 397 | case X86_INS_JLE: 398 | case X86_INS_JO: 399 | case X86_INS_JNO: 400 | case X86_INS_JP: 401 | case X86_INS_JNP: 402 | case X86_INS_JS: 403 | case X86_INS_JNS: 404 | case X86_INS_JECXZ: 405 | case X86_INS_JRCXZ: 406 | case X86_INS_JCXZ: 407 | // jmp 0 408 | op = ops[0]; 409 | return op.type == X86_OP_IMM && op.imm == this->Address() + this->Size(); 410 | case X86_INS_SHL: 411 | case X86_INS_SHR: 412 | case X86_INS_ROL: 413 | case X86_INS_ROR: 414 | case X86_INS_SAR: 415 | case X86_INS_SAL: 416 | // shl eax, 0 417 | op = ops[1]; 418 | return op.type == X86_OP_IMM && op.imm == 0 && isSafe64NopRegOp(ops[0]); 419 | case X86_INS_SHLD: 420 | case X86_INS_SHRD: 421 | // shld eax, ebx, 0 422 | op = ops[2]; 423 | return op.type == X86_OP_IMM && op.imm == 0 && isSafe64NopRegOp(ops[0]) && isSafe64NopRegOp(ops[1]); 424 | default: 425 | return false; 426 | } 427 | } 428 | 429 | bool Capstone::IsInt3() const 430 | { 431 | if(!Success()) 432 | return false; 433 | switch(GetId()) 434 | { 435 | case X86_INS_INT3: 436 | return true; 437 | case X86_INS_INT: 438 | { 439 | cs_x86_op op = x86().operands[0]; 440 | return op.type == X86_OP_IMM && op.imm == 3; 441 | } 442 | default: 443 | return false; 444 | } 445 | } 446 | 447 | bool Capstone::IsUnusual() const 448 | { 449 | auto id = GetId(); 450 | return (InGroup(CS_GRP_PRIVILEGE) || InGroup(CS_GRP_IRET) || InGroup(CS_GRP_INVALID) 451 | || id == X86_INS_RDTSC || id == X86_INS_SYSCALL || id == X86_INS_SYSENTER || id == X86_INS_CPUID || id == X86_INS_RDTSCP 452 | || id == X86_INS_RDRAND || id == X86_INS_RDSEED || id == X86_INS_UD2 || id == X86_INS_UD2B); 453 | } 454 | 455 | std::string Capstone::Mnemonic() const 456 | { 457 | if(!Success()) 458 | return "???"; 459 | return mInstr->mnemonic; 460 | } 461 | 462 | std::string Capstone::MnemonicId() const 463 | { 464 | if(!Success()) 465 | return "???"; 466 | return cs_insn_name(mHandle, GetId()); 467 | } 468 | 469 | const char* Capstone::MemSizeName(int size) const 470 | { 471 | switch(size) 472 | { 473 | case 1: 474 | return "byte"; 475 | case 2: 476 | return "word"; 477 | case 4: 478 | return "dword"; 479 | case 6: 480 | return "fword"; 481 | case 8: 482 | return "qword"; 483 | case 10: 484 | return "tword"; 485 | case 14: 486 | return "m14"; 487 | case 16: 488 | return "xmmword"; 489 | case 28: 490 | return "m28"; 491 | case 32: 492 | return "yword"; 493 | case 64: 494 | return "zword"; 495 | default: 496 | return nullptr; 497 | } 498 | } 499 | 500 | size_t Capstone::BranchDestination() const 501 | { 502 | if(!Success()) 503 | return 0; 504 | if(InGroup(CS_GRP_JUMP) || InGroup(CS_GRP_CALL) || IsLoop()) 505 | { 506 | const auto & op = x86().operands[0]; 507 | if(op.type == X86_OP_IMM) 508 | return size_t(op.imm); 509 | } 510 | return 0; 511 | } 512 | 513 | size_t Capstone::ResolveOpValue(int opindex, const std::function & resolveReg) const 514 | { 515 | size_t dest = 0; 516 | const auto & op = x86().operands[opindex]; 517 | switch(op.type) 518 | { 519 | case X86_OP_IMM: 520 | dest = size_t(op.imm); 521 | break; 522 | case X86_OP_REG: 523 | dest = resolveReg(op.reg); 524 | break; 525 | case X86_OP_MEM: 526 | dest = size_t(op.mem.disp); 527 | if(op.mem.base == X86_REG_RIP) //rip-relative 528 | dest += Address() + Size(); 529 | else 530 | dest += resolveReg(op.mem.base) + resolveReg(op.mem.index) * op.mem.scale; 531 | break; 532 | default: 533 | break; 534 | } 535 | return dest; 536 | } 537 | 538 | bool Capstone::IsBranchGoingToExecute(size_t cflags, size_t ccx) const 539 | { 540 | return IsBranchGoingToExecute(GetId(), cflags, ccx); 541 | } 542 | 543 | bool Capstone::IsBranchGoingToExecute(x86_insn id, size_t cflags, size_t ccx) 544 | { 545 | auto bCF = (cflags & (1 << 0)) != 0; 546 | auto bPF = (cflags & (1 << 2)) != 0; 547 | auto bZF = (cflags & (1 << 6)) != 0; 548 | auto bSF = (cflags & (1 << 7)) != 0; 549 | auto bOF = (cflags & (1 << 11)) != 0; 550 | switch(id) 551 | { 552 | case X86_INS_CALL: 553 | case X86_INS_LJMP: 554 | case X86_INS_JMP: 555 | case X86_INS_RET: 556 | case X86_INS_RETF: 557 | case X86_INS_RETFQ: 558 | return true; 559 | case X86_INS_JAE: //jump short if above or equal 560 | return !bCF; 561 | case X86_INS_JA: //jump short if above 562 | return !bCF && !bZF; 563 | case X86_INS_JBE: //jump short if below or equal/not above 564 | return bCF || bZF; 565 | case X86_INS_JB: //jump short if below/not above nor equal/carry 566 | return bCF; 567 | case X86_INS_JCXZ: //jump short if ecx register is zero 568 | case X86_INS_JECXZ: //jump short if ecx register is zero 569 | case X86_INS_JRCXZ: //jump short if rcx register is zero 570 | return ccx == 0; 571 | case X86_INS_JE: //jump short if equal 572 | return bZF; 573 | case X86_INS_JGE: //jump short if greater or equal 574 | return bSF == bOF; 575 | case X86_INS_JG: //jump short if greater 576 | return !bZF && bSF == bOF; 577 | case X86_INS_JLE: //jump short if less or equal/not greater 578 | return bZF || bSF != bOF; 579 | case X86_INS_JL: //jump short if less/not greater 580 | return bSF != bOF; 581 | case X86_INS_JNE: //jump short if not equal/not zero 582 | return !bZF; 583 | case X86_INS_JNO: //jump short if not overflow 584 | return !bOF; 585 | case X86_INS_JNP: //jump short if not parity/parity odd 586 | return !bPF; 587 | case X86_INS_JNS: //jump short if not sign 588 | return !bSF; 589 | case X86_INS_JO: //jump short if overflow 590 | return bOF; 591 | case X86_INS_JP: //jump short if parity/parity even 592 | return bPF; 593 | case X86_INS_JS: //jump short if sign 594 | return bSF; 595 | case X86_INS_LOOP: //decrement count; jump short if ecx!=0 596 | return ccx != 0; 597 | case X86_INS_LOOPE: //decrement count; jump short if ecx!=0 and zf=1 598 | return ccx != 0 && bZF; 599 | case X86_INS_LOOPNE: //decrement count; jump short if ecx!=0 and zf=0 600 | return ccx != 0 && !bZF; 601 | default: 602 | return false; 603 | } 604 | } 605 | 606 | bool Capstone::IsConditionalGoingToExecute(size_t cflags, size_t ccx) const 607 | { 608 | return IsConditionalGoingToExecute(GetId(), cflags, ccx); 609 | } 610 | 611 | bool Capstone::IsConditionalGoingToExecute(x86_insn id, size_t cflags, size_t ccx) 612 | { 613 | auto bCF = (cflags & (1 << 0)) != 0; 614 | auto bPF = (cflags & (1 << 2)) != 0; 615 | auto bZF = (cflags & (1 << 6)) != 0; 616 | auto bSF = (cflags & (1 << 7)) != 0; 617 | auto bOF = (cflags & (1 << 11)) != 0; 618 | switch(id) 619 | { 620 | case X86_INS_CMOVA: //conditional move - above/not below nor equal 621 | return !bCF && !bZF; 622 | case X86_INS_CMOVAE: //conditional move - above or equal/not below/not carry 623 | return !bCF; 624 | case X86_INS_CMOVB: //conditional move - below/not above nor equal/carry 625 | return bCF; 626 | case X86_INS_CMOVBE: //conditional move - below or equal/not above 627 | return bCF || bZF; 628 | case X86_INS_CMOVE: //conditional move - equal/zero 629 | return bZF; 630 | case X86_INS_CMOVG: //conditional move - greater/not less nor equal 631 | return !bZF && bSF == bOF; 632 | case X86_INS_CMOVGE: //conditional move - greater or equal/not less 633 | return bSF == bOF; 634 | case X86_INS_CMOVL: //conditional move - less/not greater nor equal 635 | return bSF != bOF; 636 | case X86_INS_CMOVLE: //conditional move - less or equal/not greater 637 | return bZF || bSF != bOF; 638 | case X86_INS_CMOVNE: //conditional move - not equal/not zero 639 | return !bZF; 640 | case X86_INS_CMOVNO: //conditional move - not overflow 641 | return !bOF; 642 | case X86_INS_CMOVNP: //conditional move - not parity/parity odd 643 | return !bPF; 644 | case X86_INS_CMOVNS: //conditional move - not sign 645 | return !bSF; 646 | case X86_INS_CMOVO: //conditional move - overflow 647 | return bOF; 648 | case X86_INS_CMOVP: //conditional move - parity/parity even 649 | return bPF; 650 | case X86_INS_CMOVS: //conditional move - sign 651 | return bSF; 652 | case X86_INS_FCMOVBE: //fp conditional move - below or equal 653 | return bCF || bZF; 654 | case X86_INS_FCMOVB: //fp conditional move - below 655 | return bCF; 656 | case X86_INS_FCMOVE: //fp conditional move - equal 657 | return bZF; 658 | case X86_INS_FCMOVNBE: //fp conditional move - not below or equal 659 | return !bCF && !bZF; 660 | case X86_INS_FCMOVNB: //fp conditional move - not below 661 | return !bCF; 662 | case X86_INS_FCMOVNE: //fp conditional move - not equal 663 | return !bZF; 664 | case X86_INS_FCMOVNU: //fp conditional move - not unordered 665 | return !bPF; 666 | case X86_INS_FCMOVU: //fp conditional move - unordered 667 | return bPF; 668 | case X86_INS_SETA: //set byte on condition - above/not below nor equal 669 | return !bCF && !bZF; 670 | case X86_INS_SETAE: //set byte on condition - above or equal/not below/not carry 671 | return !bCF; 672 | case X86_INS_SETB: //set byte on condition - below/not above nor equal/carry 673 | return bCF; 674 | case X86_INS_SETBE: //set byte on condition - below or equal/not above 675 | return bCF || bZF; 676 | case X86_INS_SETE: //set byte on condition - equal/zero 677 | return bZF; 678 | case X86_INS_SETG: //set byte on condition - greater/not less nor equal 679 | return !bZF && bSF == bOF; 680 | case X86_INS_SETGE: //set byte on condition - greater or equal/not less 681 | return bSF == bOF; 682 | case X86_INS_SETL: //set byte on condition - less/not greater nor equal 683 | return bSF != bOF; 684 | case X86_INS_SETLE: //set byte on condition - less or equal/not greater 685 | return bZF || bSF != bOF; 686 | case X86_INS_SETNE: //set byte on condition - not equal/not zero 687 | return !bZF; 688 | case X86_INS_SETNO: //set byte on condition - not overflow 689 | return !bOF; 690 | case X86_INS_SETNP: //set byte on condition - not parity/parity odd 691 | return !bPF; 692 | case X86_INS_SETNS: //set byte on condition - not sign 693 | return !bSF; 694 | case X86_INS_SETO: //set byte on condition - overflow 695 | return bOF; 696 | case X86_INS_SETP: //set byte on condition - parity/parity even 697 | return bPF; 698 | case X86_INS_SETS: //set byte on condition - sign 699 | return bSF; 700 | default: 701 | return true; 702 | } 703 | } 704 | 705 | void Capstone::RegInfo(uint8_t regs[X86_REG_ENDING]) const 706 | { 707 | memset(regs, 0, sizeof(uint8_t) * X86_REG_ENDING); 708 | if(!Success() || IsNop()) 709 | return; 710 | for(int i = 0; i < OpCount(); i++) 711 | { 712 | const auto & op = x86().operands[i]; 713 | switch(op.type) 714 | { 715 | case X86_OP_REG: 716 | if((op.access & CS_AC_READ) == CS_AC_READ) 717 | regs[op.reg] |= Read | Explicit; 718 | if((op.access & CS_AC_WRITE) == CS_AC_WRITE) 719 | regs[op.reg] |= Write | Explicit; 720 | break; 721 | 722 | case X86_OP_MEM: 723 | { 724 | if(op.mem.segment == X86_REG_INVALID) 725 | { 726 | switch(op.mem.base) 727 | { 728 | #ifdef _WIN64 729 | case X86_REG_RSP: 730 | case X86_REG_RBP: 731 | #else //x86 732 | case X86_REG_ESP: 733 | case X86_REG_EBP: 734 | #endif //_WIN64 735 | regs[X86_REG_SS] |= Read | Explicit; 736 | break; 737 | default: 738 | regs[X86_REG_DS] |= Read | Explicit; 739 | break; 740 | } 741 | } 742 | else 743 | regs[op.mem.segment] |= Read | Explicit; 744 | regs[op.mem.base] |= Read | Explicit; 745 | regs[op.mem.index] |= Read | Explicit; 746 | } 747 | break; 748 | 749 | default: 750 | break; 751 | } 752 | } 753 | const cs_detail* detail = GetInstr()->detail; 754 | for(uint8_t i = 0; i < detail->regs_read_count; i++) 755 | regs[detail->regs_read[i]] |= Read | Implicit; 756 | for(uint8_t i = 0; i < detail->regs_write_count; i++) 757 | regs[detail->regs_write[i]] |= Write | Implicit; 758 | if(InGroup(CS_GRP_CALL) || InGroup(CS_GRP_RET) || InGroup(CS_GRP_JUMP) || IsLoop()) 759 | #ifdef _WIN64 760 | regs[X86_REG_RIP] = Write | Implicit; 761 | #else //x86 762 | regs[X86_REG_EIP] = Write | Implicit; 763 | #endif //_WIN64 764 | } 765 | 766 | void Capstone::FlagInfo(uint8_t info[FLAG_ENDING]) const 767 | { 768 | memset(info, 0, sizeof(uint8_t) * FLAG_ENDING); 769 | if(!Success()) 770 | return; 771 | auto eflags = x86().eflags; 772 | #define setFlagInfo(flag, access, test) info[flag] |= (eflags & test) == test ? access : 0 773 | //Write 774 | setFlagInfo(FLAG_AF, Modify, X86_EFLAGS_MODIFY_AF); 775 | setFlagInfo(FLAG_CF, Modify, X86_EFLAGS_MODIFY_CF); 776 | setFlagInfo(FLAG_SF, Modify, X86_EFLAGS_MODIFY_SF); 777 | setFlagInfo(FLAG_ZF, Modify, X86_EFLAGS_MODIFY_ZF); 778 | setFlagInfo(FLAG_PF, Modify, X86_EFLAGS_MODIFY_PF); 779 | setFlagInfo(FLAG_OF, Modify, X86_EFLAGS_MODIFY_OF); 780 | setFlagInfo(FLAG_TF, Modify, X86_EFLAGS_MODIFY_TF); 781 | setFlagInfo(FLAG_IF, Modify, X86_EFLAGS_MODIFY_IF); 782 | setFlagInfo(FLAG_DF, Modify, X86_EFLAGS_MODIFY_DF); 783 | setFlagInfo(FLAG_NT, Modify, X86_EFLAGS_MODIFY_NT); 784 | setFlagInfo(FLAG_RF, Modify, X86_EFLAGS_MODIFY_RF); 785 | //None 786 | setFlagInfo(FLAG_OF, Prior, X86_EFLAGS_PRIOR_OF); 787 | setFlagInfo(FLAG_SF, Prior, X86_EFLAGS_PRIOR_SF); 788 | setFlagInfo(FLAG_ZF, Prior, X86_EFLAGS_PRIOR_ZF); 789 | setFlagInfo(FLAG_AF, Prior, X86_EFLAGS_PRIOR_AF); 790 | setFlagInfo(FLAG_PF, Prior, X86_EFLAGS_PRIOR_PF); 791 | setFlagInfo(FLAG_CF, Prior, X86_EFLAGS_PRIOR_CF); 792 | setFlagInfo(FLAG_TF, Prior, X86_EFLAGS_PRIOR_TF); 793 | setFlagInfo(FLAG_IF, Prior, X86_EFLAGS_PRIOR_IF); 794 | setFlagInfo(FLAG_DF, Prior, X86_EFLAGS_PRIOR_DF); 795 | setFlagInfo(FLAG_NT, Prior, X86_EFLAGS_PRIOR_NT); 796 | //Write 797 | setFlagInfo(FLAG_OF, Reset, X86_EFLAGS_RESET_OF); 798 | setFlagInfo(FLAG_CF, Reset, X86_EFLAGS_RESET_CF); 799 | setFlagInfo(FLAG_DF, Reset, X86_EFLAGS_RESET_DF); 800 | setFlagInfo(FLAG_IF, Reset, X86_EFLAGS_RESET_IF); 801 | setFlagInfo(FLAG_SF, Reset, X86_EFLAGS_RESET_SF); 802 | setFlagInfo(FLAG_AF, Reset, X86_EFLAGS_RESET_AF); 803 | setFlagInfo(FLAG_TF, Reset, X86_EFLAGS_RESET_TF); 804 | setFlagInfo(FLAG_NT, Reset, X86_EFLAGS_RESET_NT); 805 | setFlagInfo(FLAG_PF, Reset, X86_EFLAGS_RESET_PF); 806 | //Write 807 | setFlagInfo(FLAG_CF, Set, X86_EFLAGS_SET_CF); 808 | setFlagInfo(FLAG_DF, Set, X86_EFLAGS_SET_DF); 809 | setFlagInfo(FLAG_IF, Set, X86_EFLAGS_SET_IF); 810 | //Read 811 | setFlagInfo(FLAG_OF, Test, X86_EFLAGS_TEST_OF); 812 | setFlagInfo(FLAG_SF, Test, X86_EFLAGS_TEST_SF); 813 | setFlagInfo(FLAG_ZF, Test, X86_EFLAGS_TEST_ZF); 814 | setFlagInfo(FLAG_PF, Test, X86_EFLAGS_TEST_PF); 815 | setFlagInfo(FLAG_CF, Test, X86_EFLAGS_TEST_CF); 816 | setFlagInfo(FLAG_NT, Test, X86_EFLAGS_TEST_NT); 817 | setFlagInfo(FLAG_DF, Test, X86_EFLAGS_TEST_DF); 818 | //None 819 | setFlagInfo(FLAG_OF, Undefined, X86_EFLAGS_UNDEFINED_OF); 820 | setFlagInfo(FLAG_SF, Undefined, X86_EFLAGS_UNDEFINED_SF); 821 | setFlagInfo(FLAG_ZF, Undefined, X86_EFLAGS_UNDEFINED_ZF); 822 | setFlagInfo(FLAG_PF, Undefined, X86_EFLAGS_UNDEFINED_PF); 823 | setFlagInfo(FLAG_AF, Undefined, X86_EFLAGS_UNDEFINED_AF); 824 | setFlagInfo(FLAG_CF, Undefined, X86_EFLAGS_UNDEFINED_CF); 825 | #undef setFlagInfo 826 | } 827 | 828 | const char* Capstone::FlagName(Flag flag) const 829 | { 830 | switch(flag) 831 | { 832 | case FLAG_AF: 833 | return "AF"; 834 | case FLAG_CF: 835 | return "CF"; 836 | case FLAG_SF: 837 | return "SF"; 838 | case FLAG_ZF: 839 | return "ZF"; 840 | case FLAG_PF: 841 | return "PF"; 842 | case FLAG_OF: 843 | return "OF"; 844 | case FLAG_TF: 845 | return "TF"; 846 | case FLAG_IF: 847 | return "IF"; 848 | case FLAG_DF: 849 | return "DF"; 850 | case FLAG_NT: 851 | return "NT"; 852 | case FLAG_RF: 853 | return "RF"; 854 | default: 855 | return nullptr; 856 | } 857 | } 858 | -------------------------------------------------------------------------------- /capstone_wrapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _CAPSTONE_WRAPPER_H 2 | #define _CAPSTONE_WRAPPER_H 3 | 4 | #include "capstone/capstone.h" 5 | #include 6 | #include 7 | 8 | #define MAX_DISASM_BUFFER 16 9 | 10 | class Capstone 11 | { 12 | public: 13 | static void GlobalInitialize(); 14 | static void GlobalFinalize(); 15 | Capstone(); 16 | Capstone(const Capstone & capstone); //copy constructor 17 | ~Capstone(); 18 | bool Disassemble(size_t addr, const unsigned char data[MAX_DISASM_BUFFER]); 19 | bool Disassemble(size_t addr, const unsigned char* data, int size); 20 | bool DisassembleSafe(size_t addr, const unsigned char* data, int size); 21 | const cs_insn* GetInstr() const; 22 | bool Success() const; 23 | const char* RegName(x86_reg reg) const; 24 | bool InGroup(cs_group_type group) const; 25 | std::string OperandText(int opindex) const; 26 | int Size() const; 27 | size_t Address() const; 28 | const cs_x86 & x86() const; 29 | bool IsFilling() const; 30 | bool IsLoop() const; 31 | bool IsUnusual() const; 32 | x86_insn GetId() const; 33 | std::string InstructionText(bool replaceRipRelative = true) const; 34 | int OpCount() const; 35 | const cs_x86_op & operator[](int index) const; 36 | bool IsNop() const; 37 | bool IsInt3() const; 38 | std::string Mnemonic() const; 39 | std::string MnemonicId() const; 40 | const char* MemSizeName(int size) const; 41 | size_t BranchDestination() const; 42 | size_t ResolveOpValue(int opindex, const std::function & resolveReg) const; 43 | bool IsBranchGoingToExecute(size_t cflags, size_t ccx) const; 44 | static bool IsBranchGoingToExecute(x86_insn id, size_t cflags, size_t ccx); 45 | bool IsConditionalGoingToExecute(size_t cflags, size_t ccx) const; 46 | static bool IsConditionalGoingToExecute(x86_insn id, size_t cflags, size_t ccx); 47 | 48 | enum RegInfoAccess 49 | { 50 | None = 0, 51 | Read = 1 << 0, 52 | Write = 1 << 1, 53 | Implicit = 1 << 2, 54 | Explicit = 1 << 3 55 | }; 56 | 57 | enum Flag 58 | { 59 | FLAG_INVALID, 60 | FLAG_AF, 61 | FLAG_CF, 62 | FLAG_SF, 63 | FLAG_ZF, 64 | FLAG_PF, 65 | FLAG_OF, 66 | FLAG_TF, 67 | FLAG_IF, 68 | FLAG_DF, 69 | FLAG_NT, 70 | FLAG_RF, 71 | FLAG_ENDING 72 | }; 73 | 74 | enum FlagInfoAccess 75 | { 76 | Modify = 1 << 0, 77 | Prior = 1 << 1, 78 | Reset = 1 << 2, 79 | Set = 1 << 3, 80 | Test = 1 << 4, 81 | Undefined = 1 << 5 82 | }; 83 | 84 | void RegInfo(uint8_t info[X86_REG_ENDING]) const; 85 | void FlagInfo(uint8_t info[FLAG_ENDING]) const; 86 | const char* FlagName(Flag flag) const; 87 | 88 | private: 89 | static csh mHandle; 90 | static bool mInitialized; 91 | cs_insn* mInstr; 92 | bool mSuccess; 93 | }; 94 | 95 | #endif //_CAPSTONE_WRAPPER_H 96 | -------------------------------------------------------------------------------- /capstone_wrapper.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "capstone_wrapper", "capstone_wrapper.vcxproj", "{C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Debug|Win32.Build.0 = Debug|Win32 18 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Debug|x64.ActiveCfg = Debug|x64 19 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Debug|x64.Build.0 = Debug|x64 20 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Release|Win32.ActiveCfg = Release|Win32 21 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Release|Win32.Build.0 = Release|Win32 22 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Release|x64.ActiveCfg = Release|x64 23 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /capstone_wrapper.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {C9B06E6E-3534-4E7B-9C00-C3EA33CC4E15} 23 | capstone_wrapper 24 | 25 | 26 | 27 | StaticLibrary 28 | true 29 | v120_xp 30 | MultiByte 31 | 32 | 33 | StaticLibrary 34 | true 35 | v120_xp 36 | MultiByte 37 | 38 | 39 | StaticLibrary 40 | false 41 | v120_xp 42 | true 43 | MultiByte 44 | 45 | 46 | StaticLibrary 47 | false 48 | v120_xp 49 | true 50 | MultiByte 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | .lib 70 | $(ProjectDir)bin\x32\ 71 | $(Platform)\$(Configuration)\ 72 | 73 | 74 | .lib 75 | $(ProjectDir)bin\x64\ 76 | 77 | 78 | .lib 79 | $(ProjectDir)bin\x32d\ 80 | $(Platform)\$(Configuration)\ 81 | 82 | 83 | .lib 84 | $(ProjectDir)bin\x64d\ 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | true 91 | 92 | 93 | true 94 | 95 | 96 | 97 | 98 | Level3 99 | Disabled 100 | true 101 | 102 | 103 | true 104 | 105 | 106 | 107 | 108 | Level3 109 | MaxSpeed 110 | true 111 | true 112 | true 113 | false 114 | 115 | 116 | true 117 | true 118 | true 119 | 120 | 121 | 122 | 123 | Level3 124 | MaxSpeed 125 | true 126 | true 127 | true 128 | false 129 | 130 | 131 | true 132 | true 133 | true 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | -------------------------------------------------------------------------------- /capstone_wrapper.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {3bbff6cd-ec83-4131-886b-ea05b58337a0} 14 | 15 | 16 | 17 | 18 | Source Files 19 | 20 | 21 | 22 | 23 | Header Files 24 | 25 | 26 | Header Files\capstone 27 | 28 | 29 | Header Files\capstone 30 | 31 | 32 | Header Files\capstone 33 | 34 | 35 | Header Files\capstone 36 | 37 | 38 | Header Files\capstone 39 | 40 | 41 | Header Files\capstone 42 | 43 | 44 | Header Files\capstone 45 | 46 | 47 | Header Files\capstone 48 | 49 | 50 | Header Files\capstone 51 | 52 | 53 | Header Files\capstone 54 | 55 | 56 | Header Files\capstone 57 | 58 | 59 | -------------------------------------------------------------------------------- /capstone_wrapper.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | --------------------------------------------------------------------------------