| 1 | #ifndef CAPSTONE_ENGINE_H |
|---|---|
| 2 | #define CAPSTONE_ENGINE_H |
| 3 | |
| 4 | /* Capstone Disassembly Engine */ |
| 5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2013-2016 */ |
| 6 | |
| 7 | #ifdef __cplusplus |
| 8 | extern "C"{ |
| 9 | #endif |
| 10 | |
| 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE) |
| 12 | #include <stdint.h> |
| 13 | #endif |
| 14 | |
| 15 | #include <stdarg.h> |
| 16 | |
| 17 | #if defined(CAPSTONE_HAS_OSXKERNEL) |
| 18 | #include <libkern/libkern.h> |
| 19 | #else |
| 20 | #include <stdlib.h> |
| 21 | #include <stdio.h> |
| 22 | #endif |
| 23 | |
| 24 | #include "platform.h" |
| 25 | |
| 26 | #ifdef _MSC_VER |
| 27 | #pragma warning(disable:4201) |
| 28 | #pragma warning(disable:4100) |
| 29 | #define CAPSTONE_API __cdecl |
| 30 | #ifdef CAPSTONE_SHARED |
| 31 | #define CAPSTONE_EXPORT __declspec(dllexport) |
| 32 | #else // defined(CAPSTONE_STATIC) |
| 33 | #define CAPSTONE_EXPORT |
| 34 | #endif |
| 35 | #else |
| 36 | #define CAPSTONE_API |
| 37 | #if defined(__GNUC__) && !defined(CAPSTONE_STATIC) |
| 38 | #define CAPSTONE_EXPORT __attribute__((visibility("default"))) |
| 39 | #else // defined(CAPSTONE_STATIC) |
| 40 | #define CAPSTONE_EXPORT |
| 41 | #endif |
| 42 | #endif |
| 43 | |
| 44 | #ifdef __GNUC__ |
| 45 | #define CAPSTONE_DEPRECATED __attribute__((deprecated)) |
| 46 | #elif defined(_MSC_VER) |
| 47 | #define CAPSTONE_DEPRECATED __declspec(deprecated) |
| 48 | #else |
| 49 | #pragma message("WARNING: You need to implement CAPSTONE_DEPRECATED for this compiler") |
| 50 | #define CAPSTONE_DEPRECATED |
| 51 | #endif |
| 52 | |
| 53 | // Capstone API version |
| 54 | #define CS_API_MAJOR 3 |
| 55 | #define CS_API_MINOR 0 |
| 56 | |
| 57 | // Capstone package version |
| 58 | #define CS_VERSION_MAJOR CS_API_MAJOR |
| 59 | #define CS_VERSION_MINOR CS_API_MINOR |
| 60 | #define CS_VERSION_EXTRA 5 |
| 61 | |
| 62 | // Macro to create combined version which can be compared to |
| 63 | // result of cs_version() API. |
| 64 | #define CS_MAKE_VERSION(major, minor) ((major << 8) + minor) |
| 65 | |
| 66 | // Handle using with all API |
| 67 | typedef size_t csh; |
| 68 | |
| 69 | // Architecture type |
| 70 | typedef enum cs_arch { |
| 71 | CS_ARCH_ARM = 0, // ARM architecture (including Thumb, Thumb-2) |
| 72 | CS_ARCH_ARM64, // ARM-64, also called AArch64 |
| 73 | CS_ARCH_MIPS, // Mips architecture |
| 74 | CS_ARCH_X86, // X86 architecture (including x86 & x86-64) |
| 75 | CS_ARCH_PPC, // PowerPC architecture |
| 76 | CS_ARCH_SPARC, // Sparc architecture |
| 77 | CS_ARCH_SYSZ, // SystemZ architecture |
| 78 | CS_ARCH_XCORE, // XCore architecture |
| 79 | CS_ARCH_MAX, |
| 80 | CS_ARCH_ALL = 0xFFFF, // All architectures - for cs_support() |
| 81 | } cs_arch; |
| 82 | |
| 83 | // Support value to verify diet mode of the engine. |
| 84 | // If cs_support(CS_SUPPORT_DIET) return True, the engine was compiled |
| 85 | // in diet mode. |
| 86 | #define CS_SUPPORT_DIET (CS_ARCH_ALL + 1) |
| 87 | |
| 88 | // Support value to verify X86 reduce mode of the engine. |
| 89 | // If cs_support(CS_SUPPORT_X86_REDUCE) return True, the engine was compiled |
| 90 | // in X86 reduce mode. |
| 91 | #define CS_SUPPORT_X86_REDUCE (CS_ARCH_ALL + 2) |
| 92 | |
| 93 | // Mode type |
| 94 | typedef enum cs_mode { |
| 95 | CS_MODE_LITTLE_ENDIAN = 0, // little-endian mode (default mode) |
| 96 | CS_MODE_ARM = 0, // 32-bit ARM |
| 97 | CS_MODE_16 = 1 << 1, // 16-bit mode (X86) |
| 98 | CS_MODE_32 = 1 << 2, // 32-bit mode (X86) |
| 99 | CS_MODE_64 = 1 << 3, // 64-bit mode (X86, PPC) |
| 100 | CS_MODE_THUMB = 1 << 4, // ARM's Thumb mode, including Thumb-2 |
| 101 | CS_MODE_MCLASS = 1 << 5, // ARM's Cortex-M series |
| 102 | CS_MODE_V8 = 1 << 6, // ARMv8 A32 encodings for ARM |
| 103 | CS_MODE_MICRO = 1 << 4, // MicroMips mode (MIPS) |
| 104 | CS_MODE_MIPS3 = 1 << 5, // Mips III ISA |
| 105 | CS_MODE_MIPS32R6 = 1 << 6, // Mips32r6 ISA |
| 106 | CS_MODE_MIPSGP64 = 1 << 7, // General Purpose Registers are 64-bit wide (MIPS) |
| 107 | CS_MODE_V9 = 1 << 4, // SparcV9 mode (Sparc) |
| 108 | CS_MODE_BIG_ENDIAN = 1 << 31, // big-endian mode |
| 109 | CS_MODE_MIPS32 = CS_MODE_32, // Mips32 ISA (Mips) |
| 110 | CS_MODE_MIPS64 = CS_MODE_64, // Mips64 ISA (Mips) |
| 111 | } cs_mode; |
| 112 | |
| 113 | typedef void* (CAPSTONE_API *cs_malloc_t)(size_t size); |
| 114 | typedef void* (CAPSTONE_API *cs_calloc_t)(size_t nmemb, size_t size); |
| 115 | typedef void* (CAPSTONE_API *cs_realloc_t)(void *ptr, size_t size); |
| 116 | typedef void (CAPSTONE_API *cs_free_t)(void *ptr); |
| 117 | typedef int (CAPSTONE_API *cs_vsnprintf_t)(char *str, size_t size, const char *format, va_list ap); |
| 118 | |
| 119 | |
| 120 | // User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() |
| 121 | // By default, Capstone uses system's malloc(), calloc(), realloc(), free() & vsnprintf(). |
| 122 | typedef struct cs_opt_mem { |
| 123 | cs_malloc_t malloc; |
| 124 | cs_calloc_t calloc; |
| 125 | cs_realloc_t realloc; |
| 126 | cs_free_t free; |
| 127 | cs_vsnprintf_t vsnprintf; |
| 128 | } cs_opt_mem; |
| 129 | |
| 130 | // Runtime option for the disassembled engine |
| 131 | typedef enum cs_opt_type { |
| 132 | CS_OPT_INVALID = 0, // No option specified |
| 133 | CS_OPT_SYNTAX, // Assembly output syntax |
| 134 | CS_OPT_DETAIL, // Break down instruction structure into details |
| 135 | CS_OPT_MODE, // Change engine's mode at run-time |
| 136 | CS_OPT_MEM, // User-defined dynamic memory related functions |
| 137 | CS_OPT_SKIPDATA, // Skip data when disassembling. Then engine is in SKIPDATA mode. |
| 138 | CS_OPT_SKIPDATA_SETUP, // Setup user-defined function for SKIPDATA option |
| 139 | } cs_opt_type; |
| 140 | |
| 141 | // Runtime option value (associated with option type above) |
| 142 | typedef enum cs_opt_value { |
| 143 | CS_OPT_OFF = 0, // Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA. |
| 144 | CS_OPT_ON = 3, // Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). |
| 145 | CS_OPT_SYNTAX_DEFAULT = 0, // Default asm syntax (CS_OPT_SYNTAX). |
| 146 | CS_OPT_SYNTAX_INTEL, // X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). |
| 147 | CS_OPT_SYNTAX_ATT, // X86 ATT asm syntax (CS_OPT_SYNTAX). |
| 148 | CS_OPT_SYNTAX_NOREGNAME, // Prints register name with only number (CS_OPT_SYNTAX) |
| 149 | } cs_opt_value; |
| 150 | |
| 151 | //> Common instruction operand types - to be consistent across all architectures. |
| 152 | typedef enum cs_op_type { |
| 153 | CS_OP_INVALID = 0, // uninitialized/invalid operand. |
| 154 | CS_OP_REG, // Register operand. |
| 155 | CS_OP_IMM, // Immediate operand. |
| 156 | CS_OP_MEM, // Memory operand. |
| 157 | CS_OP_FP, // Floating-Point operand. |
| 158 | } cs_op_type; |
| 159 | |
| 160 | //> Common instruction groups - to be consistent across all architectures. |
| 161 | typedef enum cs_group_type { |
| 162 | CS_GRP_INVALID = 0, // uninitialized/invalid group. |
| 163 | CS_GRP_JUMP, // all jump instructions (conditional+direct+indirect jumps) |
| 164 | CS_GRP_CALL, // all call instructions |
| 165 | CS_GRP_RET, // all return instructions |
| 166 | CS_GRP_INT, // all interrupt instructions (int+syscall) |
| 167 | CS_GRP_IRET, // all interrupt return instructions |
| 168 | } cs_group_type; |
| 169 | |
| 170 | /* |
| 171 | User-defined callback function for SKIPDATA option. |
| 172 | See tests/test_skipdata.c for sample code demonstrating this API. |
| 173 | |
| 174 | @code: the input buffer containing code to be disassembled. |
| 175 | This is the same buffer passed to cs_disasm(). |
| 176 | @code_size: size (in bytes) of the above @code buffer. |
| 177 | @offset: the position of the currently-examining byte in the input |
| 178 | buffer @code mentioned above. |
| 179 | @user_data: user-data passed to cs_option() via @user_data field in |
| 180 | cs_opt_skipdata struct below. |
| 181 | |
| 182 | @return: return number of bytes to skip, or 0 to immediately stop disassembling. |
| 183 | */ |
| 184 | typedef size_t (CAPSTONE_API *cs_skipdata_cb_t)(const uint8_t *code, size_t code_size, size_t offset, void *user_data); |
| 185 | |
| 186 | // User-customized setup for SKIPDATA option |
| 187 | typedef struct cs_opt_skipdata { |
| 188 | // Capstone considers data to skip as special "instructions". |
| 189 | // User can specify the string for this instruction's "mnemonic" here. |
| 190 | // By default (if @mnemonic is NULL), Capstone use ".byte". |
| 191 | const char *mnemonic; |
| 192 | |
| 193 | // User-defined callback function to be called when Capstone hits data. |
| 194 | // If the returned value from this callback is positive (>0), Capstone |
| 195 | // will skip exactly that number of bytes & continue. Otherwise, if |
| 196 | // the callback returns 0, Capstone stops disassembling and returns |
| 197 | // immediately from cs_disasm() |
| 198 | // NOTE: if this callback pointer is NULL, Capstone would skip a number |
| 199 | // of bytes depending on architectures, as following: |
| 200 | // Arm: 2 bytes (Thumb mode) or 4 bytes. |
| 201 | // Arm64: 4 bytes. |
| 202 | // Mips: 4 bytes. |
| 203 | // PowerPC: 4 bytes. |
| 204 | // Sparc: 4 bytes. |
| 205 | // SystemZ: 2 bytes. |
| 206 | // X86: 1 bytes. |
| 207 | // XCore: 2 bytes. |
| 208 | cs_skipdata_cb_t callback; // default value is NULL |
| 209 | |
| 210 | // User-defined data to be passed to @callback function pointer. |
| 211 | void *user_data; |
| 212 | } cs_opt_skipdata; |
| 213 | |
| 214 | |
| 215 | #include "arm.h" |
| 216 | #include "arm64.h" |
| 217 | #include "mips.h" |
| 218 | #include "ppc.h" |
| 219 | #include "sparc.h" |
| 220 | #include "systemz.h" |
| 221 | #include "x86.h" |
| 222 | #include "xcore.h" |
| 223 | |
| 224 | // NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON |
| 225 | typedef struct cs_detail { |
| 226 | uint8_t regs_read[12]; // list of implicit registers read by this insn |
| 227 | uint8_t regs_read_count; // number of implicit registers read by this insn |
| 228 | |
| 229 | uint8_t regs_write[20]; // list of implicit registers modified by this insn |
| 230 | uint8_t regs_write_count; // number of implicit registers modified by this insn |
| 231 | |
| 232 | uint8_t groups[8]; // list of group this instruction belong to |
| 233 | uint8_t groups_count; // number of groups this insn belongs to |
| 234 | |
| 235 | // Architecture-specific instruction info |
| 236 | union { |
| 237 | cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode |
| 238 | cs_arm64 arm64; // ARM64 architecture (aka AArch64) |
| 239 | cs_arm arm; // ARM architecture (including Thumb/Thumb2) |
| 240 | cs_mips mips; // MIPS architecture |
| 241 | cs_ppc ppc; // PowerPC architecture |
| 242 | cs_sparc sparc; // Sparc architecture |
| 243 | cs_sysz sysz; // SystemZ architecture |
| 244 | cs_xcore xcore; // XCore architecture |
| 245 | }; |
| 246 | } cs_detail; |
| 247 | |
| 248 | // Detail information of disassembled instruction |
| 249 | typedef struct cs_insn { |
| 250 | // Instruction ID (basically a numeric ID for the instruction mnemonic) |
| 251 | // Find the instruction id in the '[ARCH]_insn' enum in the header file |
| 252 | // of corresponding architecture, such as 'arm_insn' in arm.h for ARM, |
| 253 | // 'x86_insn' in x86.h for X86, etc... |
| 254 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF |
| 255 | // NOTE: in Skipdata mode, "data" instruction has 0 for this id field. |
| 256 | unsigned int id; |
| 257 | |
| 258 | // Address (EIP) of this instruction |
| 259 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF |
| 260 | uint64_t address; |
| 261 | |
| 262 | // Size of this instruction |
| 263 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF |
| 264 | uint16_t size; |
| 265 | // Machine bytes of this instruction, with number of bytes indicated by @size above |
| 266 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF |
| 267 | uint8_t bytes[16]; |
| 268 | |
| 269 | // Ascii text of instruction mnemonic |
| 270 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF |
| 271 | char mnemonic[32]; |
| 272 | |
| 273 | // Ascii text of instruction operands |
| 274 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF |
| 275 | char op_str[160]; |
| 276 | |
| 277 | // Pointer to cs_detail. |
| 278 | // NOTE: detail pointer is only valid when both requirements below are met: |
| 279 | // (1) CS_OP_DETAIL = CS_OPT_ON |
| 280 | // (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) |
| 281 | // |
| 282 | // NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer |
| 283 | // is not NULL, its content is still irrelevant. |
| 284 | cs_detail *detail; |
| 285 | } cs_insn; |
| 286 | |
| 287 | |
| 288 | // Calculate the offset of a disassembled instruction in its buffer, given its position |
| 289 | // in its array of disassembled insn |
| 290 | // NOTE: this macro works with position (>=1), not index |
| 291 | #define CS_INSN_OFFSET(insns, post) (insns[post - 1].address - insns[0].address) |
| 292 | |
| 293 | |
| 294 | // All type of errors encountered by Capstone API. |
| 295 | // These are values returned by cs_errno() |
| 296 | typedef enum cs_err { |
| 297 | CS_ERR_OK = 0, // No error: everything was fine |
| 298 | CS_ERR_MEM, // Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() |
| 299 | CS_ERR_ARCH, // Unsupported architecture: cs_open() |
| 300 | CS_ERR_HANDLE, // Invalid handle: cs_op_count(), cs_op_index() |
| 301 | CS_ERR_CSH, // Invalid csh argument: cs_close(), cs_errno(), cs_option() |
| 302 | CS_ERR_MODE, // Invalid/unsupported mode: cs_open() |
| 303 | CS_ERR_OPTION, // Invalid/unsupported option: cs_option() |
| 304 | CS_ERR_DETAIL, // Information is unavailable because detail option is OFF |
| 305 | CS_ERR_MEMSETUP, // Dynamic memory management uninitialized (see CS_OPT_MEM) |
| 306 | CS_ERR_VERSION, // Unsupported version (bindings) |
| 307 | CS_ERR_DIET, // Access irrelevant data in "diet" engine |
| 308 | CS_ERR_SKIPDATA, // Access irrelevant data for "data" instruction in SKIPDATA mode |
| 309 | CS_ERR_X86_ATT, // X86 AT&T syntax is unsupported (opt-out at compile time) |
| 310 | CS_ERR_X86_INTEL, // X86 Intel syntax is unsupported (opt-out at compile time) |
| 311 | } cs_err; |
| 312 | |
| 313 | /* |
| 314 | Return combined API version & major and minor version numbers. |
| 315 | |
| 316 | @major: major number of API version |
| 317 | @minor: minor number of API version |
| 318 | |
| 319 | @return hexical number as (major << 8 | minor), which encodes both |
| 320 | major & minor versions. |
| 321 | NOTE: This returned value can be compared with version number made |
| 322 | with macro CS_MAKE_VERSION |
| 323 | |
| 324 | For example, second API version would return 1 in @major, and 1 in @minor |
| 325 | The return value would be 0x0101 |
| 326 | |
| 327 | NOTE: if you only care about returned value, but not major and minor values, |
| 328 | set both @major & @minor arguments to NULL. |
| 329 | */ |
| 330 | CAPSTONE_EXPORT |
| 331 | unsigned int CAPSTONE_API cs_version(int *major, int *minor); |
| 332 | |
| 333 | |
| 334 | /* |
| 335 | This API can be used to either ask for archs supported by this library, |
| 336 | or check to see if the library was compile with 'diet' option (or called |
| 337 | in 'diet' mode). |
| 338 | |
| 339 | To check if a particular arch is supported by this library, set @query to |
| 340 | arch mode (CS_ARCH_* value). |
| 341 | To verify if this library supports all the archs, use CS_ARCH_ALL. |
| 342 | |
| 343 | To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. |
| 344 | |
| 345 | @return True if this library supports the given arch, or in 'diet' mode. |
| 346 | */ |
| 347 | CAPSTONE_EXPORT |
| 348 | bool CAPSTONE_API cs_support(int query); |
| 349 | |
| 350 | /* |
| 351 | Initialize CS handle: this must be done before any usage of CS. |
| 352 | |
| 353 | @arch: architecture type (CS_ARCH_*) |
| 354 | @mode: hardware mode. This is combined of CS_MODE_* |
| 355 | @handle: pointer to handle, which will be updated at return time |
| 356 | |
| 357 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum |
| 358 | for detailed error). |
| 359 | */ |
| 360 | CAPSTONE_EXPORT |
| 361 | cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh *handle); |
| 362 | |
| 363 | /* |
| 364 | Close CS handle: MUST do to release the handle when it is not used anymore. |
| 365 | NOTE: this must be only called when there is no longer usage of Capstone, |
| 366 | not even access to cs_insn array. The reason is the this API releases some |
| 367 | cached memory, thus access to any Capstone API after cs_close() might crash |
| 368 | your application. |
| 369 | |
| 370 | In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). |
| 371 | |
| 372 | @handle: pointer to a handle returned by cs_open() |
| 373 | |
| 374 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum |
| 375 | for detailed error). |
| 376 | */ |
| 377 | CAPSTONE_EXPORT |
| 378 | cs_err CAPSTONE_API cs_close(csh *handle); |
| 379 | |
| 380 | /* |
| 381 | Set option for disassembling engine at runtime |
| 382 | |
| 383 | @handle: handle returned by cs_open() |
| 384 | @type: type of option to be set |
| 385 | @value: option value corresponding with @type |
| 386 | |
| 387 | @return: CS_ERR_OK on success, or other value on failure. |
| 388 | Refer to cs_err enum for detailed error. |
| 389 | |
| 390 | NOTE: in the case of CS_OPT_MEM, handle's value can be anything, |
| 391 | so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called |
| 392 | even before cs_open() |
| 393 | */ |
| 394 | CAPSTONE_EXPORT |
| 395 | cs_err CAPSTONE_API cs_option(csh handle, cs_opt_type type, size_t value); |
| 396 | |
| 397 | /* |
| 398 | Report the last error number when some API function fail. |
| 399 | Like glibc's errno, cs_errno might not retain its old value once accessed. |
| 400 | |
| 401 | @handle: handle returned by cs_open() |
| 402 | |
| 403 | @return: error code of cs_err enum type (CS_ERR_*, see above) |
| 404 | */ |
| 405 | CAPSTONE_EXPORT |
| 406 | cs_err CAPSTONE_API cs_errno(csh handle); |
| 407 | |
| 408 | |
| 409 | /* |
| 410 | Return a string describing given error code. |
| 411 | |
| 412 | @code: error code (see CS_ERR_* above) |
| 413 | |
| 414 | @return: returns a pointer to a string that describes the error code |
| 415 | passed in the argument @code |
| 416 | */ |
| 417 | CAPSTONE_EXPORT |
| 418 | const char * CAPSTONE_API cs_strerror(cs_err code); |
| 419 | |
| 420 | /* |
| 421 | Disassemble binary code, given the code buffer, size, address and number |
| 422 | of instructions to be decoded. |
| 423 | This API dynamically allocate memory to contain disassembled instruction. |
| 424 | Resulted instructions will be put into @*insn |
| 425 | |
| 426 | NOTE 1: this API will automatically determine memory needed to contain |
| 427 | output disassembled instructions in @insn. |
| 428 | |
| 429 | NOTE 2: caller must free the allocated memory itself to avoid memory leaking. |
| 430 | |
| 431 | NOTE 3: for system with scarce memory to be dynamically allocated such as |
| 432 | OS kernel or firmware, the API cs_disasm_iter() might be a better choice than |
| 433 | cs_disasm(). The reason is that with cs_disasm(), based on limited available |
| 434 | memory, we have to calculate in advance how many instructions to be disassembled, |
| 435 | which complicates things. This is especially troublesome for the case @count=0, |
| 436 | when cs_disasm() runs uncontrollably (until either end of input buffer, or |
| 437 | when it encounters an invalid instruction). |
| 438 | |
| 439 | @handle: handle returned by cs_open() |
| 440 | @code: buffer containing raw binary code to be disassembled. |
| 441 | @code_size: size of the above code buffer. |
| 442 | @address: address of the first instruction in given raw code buffer. |
| 443 | @insn: array of instructions filled in by this API. |
| 444 | NOTE: @insn will be allocated by this function, and should be freed |
| 445 | with cs_free() API. |
| 446 | @count: number of instructions to be disassembled, or 0 to get all of them |
| 447 | |
| 448 | @return: the number of successfully disassembled instructions, |
| 449 | or 0 if this function failed to disassemble the given code |
| 450 | |
| 451 | On failure, call cs_errno() for error code. |
| 452 | */ |
| 453 | CAPSTONE_EXPORT |
| 454 | size_t CAPSTONE_API cs_disasm(csh handle, |
| 455 | const uint8_t *code, size_t code_size, |
| 456 | uint64_t address, |
| 457 | size_t count, |
| 458 | cs_insn **insn); |
| 459 | |
| 460 | /* |
| 461 | Deprecated function - to be retired in the next version! |
| 462 | Use cs_disasm() instead of cs_disasm_ex() |
| 463 | */ |
| 464 | CAPSTONE_EXPORT |
| 465 | CAPSTONE_DEPRECATED |
| 466 | size_t CAPSTONE_API cs_disasm_ex(csh handle, |
| 467 | const uint8_t *code, size_t code_size, |
| 468 | uint64_t address, |
| 469 | size_t count, |
| 470 | cs_insn **insn); |
| 471 | |
| 472 | /* |
| 473 | Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) |
| 474 | |
| 475 | @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() |
| 476 | @count: number of cs_insn structures returned by cs_disasm(), or 1 |
| 477 | to free memory allocated by cs_malloc(). |
| 478 | */ |
| 479 | CAPSTONE_EXPORT |
| 480 | void CAPSTONE_API cs_free(cs_insn *insn, size_t count); |
| 481 | |
| 482 | |
| 483 | /* |
| 484 | Allocate memory for 1 instruction to be used by cs_disasm_iter(). |
| 485 | |
| 486 | @handle: handle returned by cs_open() |
| 487 | |
| 488 | NOTE: when no longer in use, you can reclaim the memory allocated for |
| 489 | this instruction with cs_free(insn, 1) |
| 490 | */ |
| 491 | CAPSTONE_EXPORT |
| 492 | cs_insn * CAPSTONE_API cs_malloc(csh handle); |
| 493 | |
| 494 | /* |
| 495 | Fast API to disassemble binary code, given the code buffer, size, address |
| 496 | and number of instructions to be decoded. |
| 497 | This API put the resulted instruction into a given cache in @insn. |
| 498 | See tests/test_iter.c for sample code demonstrating this API. |
| 499 | |
| 500 | NOTE 1: this API will update @code, @size & @address to point to the next |
| 501 | instruction in the input buffer. Therefore, it is convenient to use |
| 502 | cs_disasm_iter() inside a loop to quickly iterate all the instructions. |
| 503 | While decoding one instruction at a time can also be achieved with |
| 504 | cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% |
| 505 | faster on random input. |
| 506 | |
| 507 | NOTE 2: the cache in @insn can be created with cs_malloc() API. |
| 508 | |
| 509 | NOTE 3: for system with scarce memory to be dynamically allocated such as |
| 510 | OS kernel or firmware, this API is recommended over cs_disasm(), which |
| 511 | allocates memory based on the number of instructions to be disassembled. |
| 512 | The reason is that with cs_disasm(), based on limited available memory, |
| 513 | we have to calculate in advance how many instructions to be disassembled, |
| 514 | which complicates things. This is especially troublesome for the case |
| 515 | @count=0, when cs_disasm() runs uncontrollably (until either end of input |
| 516 | buffer, or when it encounters an invalid instruction). |
| 517 | |
| 518 | @handle: handle returned by cs_open() |
| 519 | @code: buffer containing raw binary code to be disassembled |
| 520 | @size: size of above code |
| 521 | @address: address of the first insn in given raw code buffer |
| 522 | @insn: pointer to instruction to be filled in by this API. |
| 523 | |
| 524 | @return: true if this API successfully decode 1 instruction, |
| 525 | or false otherwise. |
| 526 | |
| 527 | On failure, call cs_errno() for error code. |
| 528 | */ |
| 529 | CAPSTONE_EXPORT |
| 530 | bool CAPSTONE_API cs_disasm_iter(csh handle, |
| 531 | const uint8_t **code, size_t *size, |
| 532 | uint64_t *address, cs_insn *insn); |
| 533 | |
| 534 | /* |
| 535 | Return friendly name of register in a string. |
| 536 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, |
| 537 | x86.h for X86, ...) |
| 538 | |
| 539 | WARN: when in 'diet' mode, this API is irrelevant because engine does not |
| 540 | store register name. |
| 541 | |
| 542 | @handle: handle returned by cs_open() |
| 543 | @reg_id: register id |
| 544 | |
| 545 | @return: string name of the register, or NULL if @reg_id is invalid. |
| 546 | */ |
| 547 | CAPSTONE_EXPORT |
| 548 | const char * CAPSTONE_API cs_reg_name(csh handle, unsigned int reg_id); |
| 549 | |
| 550 | /* |
| 551 | Return friendly name of an instruction in a string. |
| 552 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 553 | |
| 554 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not |
| 555 | store instruction name. |
| 556 | |
| 557 | @handle: handle returned by cs_open() |
| 558 | @insn_id: instruction id |
| 559 | |
| 560 | @return: string name of the instruction, or NULL if @insn_id is invalid. |
| 561 | */ |
| 562 | CAPSTONE_EXPORT |
| 563 | const char * CAPSTONE_API cs_insn_name(csh handle, unsigned int insn_id); |
| 564 | |
| 565 | /* |
| 566 | Return friendly name of a group id (that an instruction can belong to) |
| 567 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 568 | |
| 569 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not |
| 570 | store group name. |
| 571 | |
| 572 | @handle: handle returned by cs_open() |
| 573 | @group_id: group id |
| 574 | |
| 575 | @return: string name of the group, or NULL if @group_id is invalid. |
| 576 | */ |
| 577 | CAPSTONE_EXPORT |
| 578 | const char * CAPSTONE_API cs_group_name(csh handle, unsigned int group_id); |
| 579 | |
| 580 | /* |
| 581 | Check if a disassembled instruction belong to a particular group. |
| 582 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 583 | Internally, this simply verifies if @group_id matches any member of insn->groups array. |
| 584 | |
| 585 | NOTE: this API is only valid when detail option is ON (which is OFF by default). |
| 586 | |
| 587 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not |
| 588 | update @groups array. |
| 589 | |
| 590 | @handle: handle returned by cs_open() |
| 591 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() |
| 592 | @group_id: group that you want to check if this instruction belong to. |
| 593 | |
| 594 | @return: true if this instruction indeed belongs to aboved group, or false otherwise. |
| 595 | */ |
| 596 | CAPSTONE_EXPORT |
| 597 | bool CAPSTONE_API cs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id); |
| 598 | |
| 599 | /* |
| 600 | Check if a disassembled instruction IMPLICITLY used a particular register. |
| 601 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 602 | Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. |
| 603 | |
| 604 | NOTE: this API is only valid when detail option is ON (which is OFF by default) |
| 605 | |
| 606 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not |
| 607 | update @regs_read array. |
| 608 | |
| 609 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() |
| 610 | @reg_id: register that you want to check if this instruction used it. |
| 611 | |
| 612 | @return: true if this instruction indeed implicitly used aboved register, or false otherwise. |
| 613 | */ |
| 614 | CAPSTONE_EXPORT |
| 615 | bool CAPSTONE_API cs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id); |
| 616 | |
| 617 | /* |
| 618 | Check if a disassembled instruction IMPLICITLY modified a particular register. |
| 619 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 620 | Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. |
| 621 | |
| 622 | NOTE: this API is only valid when detail option is ON (which is OFF by default) |
| 623 | |
| 624 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not |
| 625 | update @regs_write array. |
| 626 | |
| 627 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() |
| 628 | @reg_id: register that you want to check if this instruction modified it. |
| 629 | |
| 630 | @return: true if this instruction indeed implicitly modified aboved register, or false otherwise. |
| 631 | */ |
| 632 | CAPSTONE_EXPORT |
| 633 | bool CAPSTONE_API cs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id); |
| 634 | |
| 635 | /* |
| 636 | Count the number of operands of a given type. |
| 637 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 638 | |
| 639 | NOTE: this API is only valid when detail option is ON (which is OFF by default) |
| 640 | |
| 641 | @handle: handle returned by cs_open() |
| 642 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() |
| 643 | @op_type: Operand type to be found. |
| 644 | |
| 645 | @return: number of operands of given type @op_type in instruction @insn, |
| 646 | or -1 on failure. |
| 647 | */ |
| 648 | CAPSTONE_EXPORT |
| 649 | int CAPSTONE_API cs_op_count(csh handle, const cs_insn *insn, unsigned int op_type); |
| 650 | |
| 651 | /* |
| 652 | Retrieve the position of operand of given type in <arch>.operands[] array. |
| 653 | Later, the operand can be accessed using the returned position. |
| 654 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) |
| 655 | |
| 656 | NOTE: this API is only valid when detail option is ON (which is OFF by default) |
| 657 | |
| 658 | @handle: handle returned by cs_open() |
| 659 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() |
| 660 | @op_type: Operand type to be found. |
| 661 | @position: position of the operand to be found. This must be in the range |
| 662 | [1, cs_op_count(handle, insn, op_type)] |
| 663 | |
| 664 | @return: index of operand of given type @op_type in <arch>.operands[] array |
| 665 | in instruction @insn, or -1 on failure. |
| 666 | */ |
| 667 | CAPSTONE_EXPORT |
| 668 | int CAPSTONE_API cs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, |
| 669 | unsigned int position); |
| 670 | |
| 671 | #ifdef __cplusplus |
| 672 | } |
| 673 | #endif |
| 674 | |
| 675 | #endif |
| 676 |
Generated while processing qemu/disas.c
Generated on 2019-Sep-06 from project qemu revision 4.1.50
Powered by 
Code Browser 2.1
Generator usage only permitted with license.