Skip to content

Commit

Permalink
README: include Disassemble example via permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
athre0z committed Jul 29, 2022
1 parent 5e61af3 commit b37076e
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 52 deletions.
52 changes: 1 addition & 51 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,57 +28,7 @@

The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console ([more examples here](./examples/)).

```C
#include <stdio.h>
#include <inttypes.h>
#include <Zydis/Zydis.h>

int main()
{
ZyanU8 data[] =
{
0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,
0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,
0x88, 0xFC, 0xDA, 0x02, 0x00
};

// Initialize decoder context
ZydisDecoder decoder;
ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_STACK_WIDTH_64);

// Initialize formatter. Only required when you actually plan to do instruction
// formatting ("disassembling"), like we do here
ZydisFormatter formatter;
ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);

// Loop over the instructions in our buffer.
// The runtime-address (instruction pointer) is chosen arbitrary here in order to better
// visualize relative addressing
ZyanU64 runtime_address = 0x007FFFFFFF400000;
ZyanUSize offset = 0;
const ZyanUSize length = sizeof(data);
ZydisDecodedInstruction instruction;
ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(&decoder, data + offset, length - offset,
&instruction, operands, ZYDIS_MAX_OPERAND_COUNT_VISIBLE,
ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY)))
{
// Print current instruction pointer.
printf("%016" PRIX64 " ", runtime_address);

// Format & print the binary instruction structure to human-readable format
char buffer[256];
ZydisFormatterFormatInstruction(&formatter, &instruction, operands,
instruction.operand_count_visible, buffer, sizeof(buffer), runtime_address, ZYAN_NULL);
puts(buffer);

offset += instruction.length;
runtime_address += instruction.length;
}

return 0;
}
```
https://github.com/zyantific/zydis/blob/9cb54996c215422a398d7d2a287a08a185344200/examples/Disassemble.c#L27-L75

## Sample Output

Expand Down
2 changes: 1 addition & 1 deletion examples/Disassemble.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,4 +72,4 @@ int main()
}

return 0;
}
}

0 comments on commit b37076e

Please sign in to comment.