Giter Site home page Giter Site logo

zydis-go's Introduction

zydis logo Go

License: MIT GitHub Actions Gitter Discord

Fast and lightweight x86/x86-64 disassembler and code generation library.

Features

  • Optimized for high performance, runs almost as fast as native Zydis
  • No dependencies on Cgo
  • Thread-safe by design
  • Very small file-size overhead compared to other common disassembler libraries
  • Supports all x86 and x86-64 (AMD64) instructions

Examples

Disassembler

The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

zydis-go/examples/disasm-simple/main.go

Lines 12 to 42 in 229b8bb

data := []byte{
0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,
0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,
0x88, 0xFC, 0xDA, 0x02, 0x00,
}
// The runtime address (instruction pointer) was chosen arbitrarily here in order to better
// visualize relative addressing. In your actual program, set this to e.g. the memory address
// that the code being disassembled was read from.
runtimeAddress := uintptr(0x007FFFFFFF400000)
// Loop over the instructions in our buffer.
offset := 0
insn := zydis.DisassembledInstruction{}
for offset < len(data) {
status := zydis.DisassembleIntel(
zydis.MACHINE_MODE_LONG_64,
uint64(runtimeAddress),
unsafe.Pointer(&data[offset]),
uint64(len(data)-offset),
&insn,
)
if !zydis.Ok(status) {
break
}
textEnd := bytes.IndexByte(insn.Text[:], 0)
fmt.Printf("%016X %s\n", runtimeAddress, string(insn.Text[:textEnd]))
offset += int(insn.Info.Length)
runtimeAddress += uintptr(insn.Info.Length)
}

The above example program generates the following output:

007FFFFFFF400000  push rcx
007FFFFFFF400001  lea eax, [rbp-0x01]
007FFFFFFF400004  push rax
007FFFFFFF400005  push [rbp+0x0C]
007FFFFFFF400008  push [rbp+0x08]
007FFFFFFF40000B  call [0x008000007588A5B1]
007FFFFFFF400011  test eax, eax
007FFFFFFF400013  js 0x007FFFFFFF42DB15

Encoder

zydis-go/examples/encode-simple/main.go

Lines 11 to 32 in 229b8bb

req := zydis.EncoderRequest{
Mnemonic: zydis.MNEMONIC_MOV,
MachineMode: zydis.MACHINE_MODE_LONG_64,
OperandCount: 2,
Operands: [5]zydis.EncoderOperand{
{Type: zydis.OPERAND_TYPE_REGISTER},
{Type: zydis.OPERAND_TYPE_IMMEDIATE},
},
}
req.Operands[0].Reg.Value = zydis.REGISTER_RAX
req.Operands[1].Imm.SetU(0x1337)
encodedInsn := [16]byte{}
encodedLength := uint64(len(encodedInsn))
if !zydis.Ok(req.EncodeInstruction(unsafe.Pointer(&encodedInsn[0]), &encodedLength)) {
fmt.Println("Failed to encode instruction")
return
}
for i := uint64(0); i < encodedLength; i++ {
fmt.Printf("%02X ", encodedInsn[i])
}

The above example program generates the following output:

48 C7 C0 37 13 00 00

More Examples

More examples can be found in the examples directory of this repository.

Build

Simply get the package using go get:

go get -u github.com/zyantific/zydis-go

If you are not on Windows AMD64 or Linux AMD64, you need to build the Zydis library for your platform and place the shared library nearby your executable. You can find the instructions for building the Zydis library here.

License

zydis-go is licensed under the MIT license, Zydis's license also applies under the same terms. See LICENSE.md for more information.

zydis-go's People

Contributors

can1357 avatar

Stargazers

Ege Balcı avatar avatar Joel Höner avatar Alexander Hanel avatar astro avatar kanren3 avatar Alec avatar

Watchers

avatar avatar

Forkers

gmh5225

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.