Fast and lightweight x86/x86-64 disassembler and code generation library.
- Supports all x86 and x86-64 (AMD64) instructions and extensions
- Optimized for high performance
- No dynamic memory allocation ("malloc")
- Thread-safe by design
- Very small file-size overhead compared to other common disassembler libraries
- Complete doxygen documentation
- Trusted by many major open-source projects
- Examples include x64dbg, Mozilla Firefox and Webkit
- Absolutely no third party dependencies — not even libc
- Should compile on any platform with a working C11 compiler
- Tested on Windows, macOS, FreeBSD, Linux and UEFI, both user and kernel mode
The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.
zydis/examples/DisassembleSimple.c
Lines 38 to 63 in 214536a
The above example program generates the following output:
007FFFFFFF400000 push rcx
007FFFFFFF400001 lea eax, [rbp-0x01]
007FFFFFFF400004 push rax
007FFFFFFF400005 push qword ptr [rbp+0x0C]
007FFFFFFF400008 push qword ptr [rbp+0x08]
007FFFFFFF40000B call [0x008000007588A5B1]
007FFFFFFF400011 test eax, eax
007FFFFFFF400013 js 0x007FFFFFFF42DB15Lines 39 to 62 in b37076e
The above example program generates the following output:
48 C7 C0 37 13 00 00
More examples can be found in the examples directory of this repository.
There are many ways to make Zydis available on your system. The following sub-sections list commonly used options.
Platforms: Windows, macOS, Linux, BSDs
You can use CMake to build Zydis on all supported platforms. Instructions on how to install CMake can be found here.
git clone --recursive 'https://github.com/zyantific/zydis.git'
cd zydis
cmake -B build
cmake --build build -j4Platforms: Windows
We manually maintain a Visual Studio 2022 project in addition to the CMake build logic.
Platforms: Windows
CMake can be instructed to generate a Visual Studio project for pretty much any VS version. A video guide describing how to use the CMake GUI to generate such project files is available here. Don't be confused by the apparent use of macOS in the video: Windows is simply running in a virtual machine.
Platforms: any platform with a working C11 compiler
We provide an auto-generated single header & single source file variant of Zydis. To use this variant
of Zydis in your project, all you need to do is to copy these two files into your project. The
amalgamated builds can be found on our release page
as zydis-amalgamated.tar.gz.
These files are generated with the amalgamate.py script.
Platforms: Windows, macOS, Linux, FreeBSD
Pre-built headers, shared libraries and executables are available through a variety of package managers.
Zydis version in various package repositories
| Repository | Install command |
|---|---|
| Arch Linux | pacman -S zydis |
| Debian | apt-get install libzydis-dev zydis-tools |
| Homebrew | brew install zydis |
| NixOS | nix-shell -p zydis |
| Ubuntu | apt-get install libzydis-dev zydis-tools |
| vcpkg | vcpkg install zydis |
An example on how to use Zydis in your own CMake based project can be found in this repo.
The ZydisInfo command-line tool can be used to inspect essentially all information
that Zydis provides about an instruction.
Official bindings exist for a selection of languages:
If you're looking for an asmjit-style assembler front-end for the encoder, check out zasm. zasm also provides an idiomatic C++ wrapper around the decoder and formatter interface.
Versions follow the semantic versioning scheme. All stability guarantees apply to the API only. ABI stability is provided only between patch versions.
masterholds the bleeding edge code of the next, unreleased Zydis version. Increased amounts of bugs and issues must be expected and API stability is not guaranteed outside of tagged commits.- Stable and preview versions are annotated with git tags
- beta and other preview versions have
-beta,-rc, etc. suffixes
- beta and other preview versions have
maintenance/v4points to the code of the latest release of v4- v4 is the latest stable major version and receives feature updates
maintenance/v3points to the code of the latest release of v3- v3 won't get any feature updates but will receive security updates until 2025
maintenance/v2points to the code of the last legacy release of v2- v2 is has reached end-of-life and won't receive any security updates
- Intel (for open-sourcing XED, allowing for automatic comparison of our tables against theirs, improving both)
- LLVM (for providing pretty solid instruction data as well)
- Christian Ludloff (https://sandpile.org, insanely helpful)
- LekoArts (for creating the project logo)
- Our contributors on GitHub
/usr/bin/ld: ./libfoo.a(foo.c.o): relocation R_X86_64_PC32 against symbol `bar' can not be used when making a shared object; recompile with -fPIC
Under some circumstances (e.g. when building Zydis as a static library using
CMake and then using Makefiles to manually link it into a shared library), CMake
might fail to detect that relocation information must be emitted. This can be forced
by passing -DCMAKE_POSITION_INDEPENDENT_CODE=ON to the CMake invocation.
We offer consulting services and professional business support for Zydis. If you need a custom extension, require help in integrating Zydis into your product or simply want contractually guaranteed updates and turnaround times, we are happy to assist with that! Please contact us at [email protected].
Donations are collected and distributed using flobernd's account.
Zydis is licensed under the MIT license.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent