AED_X86_DECODER(3)

NAME

AED_x86_decoder_init, AED_x86_decoder_decode, AED_x86_decoder_get_error, AED_x86_mnemonic AED_x86_instruction_get_mnemonic, AED_x86_iform AED_x86_instruction_get_iform, AED_x86_instruction_get_map, AED_x86_instruction_get_op, AED_x86_instruction_get_length, AED_x86_instruction_get_noperands, AED_x86_instruction_get_prefix_os, AED_x86_instruction_get_prefix_segment, AED_x86_instruction_get_immediate, AED_x86_instruction_get_memory_base, AED_x86_instruction_get_memory_base_number, AED_x86_instruction_get_memory_disp, AED_x86_instruction_get_memory_disp_size, AED_x86_instruction_get_memory_index, AED_x86_instruction_get_memory_index_number, AED_x86_instruction_get_memory_index_scale, AED_x86_instruction_get_offset, AED_x86_instruction_get_register, AED_x86_instruction_get_register_number, AED_x86_instruction_get_segment, AED_x86_instruction_get_size, AED_x86_instruction_is_gpr, AED_x86_instruction_is_immediate, AED_x86_instruction_is_memory — aed x86 decoder functions

SYNOPSIS

/* -laed */
#include <aed/x86.h>

typedef union AED_x86_int {
	uint64_t u64;
	uint32_t u32;
	uint16_t u16;
	uint8_t  u8;
	int64_t  i64;
	int32_t  i32;
	int16_t  i16;
	int8_t   i8;
} AED_x86_int;

void
AED_x86_decoder_init(void);

int
AED_x86_decoder_decode(const uint8_t *buf, size_t buflen, AED_x86_instruction *inst, uint32_t ninst, uint64_t addr, uint32_t flags);

const char *
AED_x86_decoder_get_error(int);

AED_x86_mnemonic
AED_x86_instruction_get_mnemonic(const AED_x86_instruction *inst);

AED_x86_iform
AED_x86_instruction_get_iform(const AED_x86_instruction *inst);

uint8_t
AED_x86_instruction_get_map(const AED_x86_instruction *inst);

uint8_t
AED_x86_instruction_get_op(const AED_x86_instruction *inst);

uint8_t
AED_x86_instruction_get_length(const AED_x86_instruction *inst);

uint8_t
AED_x86_instruction_get_noperands(const AED_x86_instruction *inst);

int
AED_x86_instruction_get_prefix_os(const AED_x86_instruction *inst);

AED_x86_segment
AED_x86_instruction_get_prefix_segment(const AED_x86_instruction *inst);

AED_x86_int
AED_x86_instruction_get_immediate(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_register
AED_x86_instruction_get_memory_base(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_memory_base_number(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_register
AED_x86_instruction_get_memory_index(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_memory_index_number(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_memory_index_scale(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_memory_disp(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_memory_disp_size(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_offset(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_register
AED_x86_instruction_get_register(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_register_number(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_segment
AED_x86_instruction_get_segment(const AED_x86_instruction *inst, uint8_t operand);

AED_x86_int
AED_x86_instruction_get_size(const AED_x86_instruction *inst, uint8_t operand);

int
AED_x86_instruction_is_gpr(const AED_x86_instruction *inst, uint8_t operand);

int
AED_x86_instruction_is_immediate(const AED_x86_instruction *inst, uint8_t operand);

int
AED_x86_instruction_is_memory(const AED_x86_instruction *inst, uint8_t operand);

DESCRIPTION

The aed x86 decoder provides functions used to decode instructions targeting the x86 instruction set architecture.

The AED_x86_decoder_init() function must be called before calling any other function listed below. It is idempotent making it safe to call more than once.

The AED_x86_decoder_decode() function decodes at most ninst number of instructions from buf by consuming at most buflen number of bytes. On success, a positive number is returned representing the number of decoded instructions. On failure, a negative number is returned representing an error which can be further diagnosed using AED_x86_decoder_get_error(). The addr can be used to decode as if the instructions resides at the given address in memory, influencing relative branches and offsets. The flags may be any combination of the following:

AED_X86_MODE_64: Decode in 64-bit mode. (default)
AED_X86_MODE_32: Decode in 32-bit mode.
AED_X86_MODE_16: Decode in 16-bit mode.
AED_X86_MACHINE_LATEST
AED_X86_MACHINE_VIA
AED_X86_MACHINE_NEHALEM
AED_X86_MACHINE_DIAMOND_RAPIDS
AED_X86_MACHINE_CLEARWATER_FOREST
AED_X86_MACHINE_PANTHER_LAKE
AED_X86_MACHINE_NOVA_LAKE: Micro architecture to target, defaults to AED_X86_MACHINE_LATEST.

The AED_x86_decoder_get_error() function returns a human readable representation of error which is required to be the return value of AED_x86_decoder_decode().

The AED_x86_instruction_get_mnemonic() function returns a numeric representation of the mnemonic from the decoded instruction.

The AED_x86_instruction_get_iform() function returns the instruction form.

The AED_x86_instruction_get_map() function returns the opcode map for the decoded instruction.

The AED_x86_instruction_get_op() function returns the opcode for the decoded instruction.

The AED_x86_instruction_get_length() function returns the length of the decoded instruction.

The AED_x86_instruction_get_noperands() function returns the number of operands for the decoded instruction.

The AED_x86_instruction_get_prefix_os() function returns non-zero if the decoded instruction has a operand size prefix.

The AED_x86_instruction_get_prefix_segment() function returns the segment for the decoded instruction. If no segment override prefix is present, AED_X86_DS is returned.

The AED_x86_instruction_get_immediate() function returns the immediate associated with the operand identified by the zero-based index operand.

The AED_x86_instruction_get_memory_base() function returns the memory base register associated with the operand identified by the zero-based index operand. If no such register is associated, zero is returned.

The AED_x86_instruction_get_memory_base_number() function returns the memory base register number associated with the operand identified by the zero-based index operand. The memory base register number is the encoded representation of the same register. If no such register is associated, -1 is returned.

The AED_x86_instruction_get_memory_index() function returns the memory index register associated with the operand identified by the zero-based index operand. If no such register is associated, zero is returned.

The AED_x86_instruction_get_memory_index_number() function returns the memory index register number associated with the operand identified by the zero-based index operand. The memory index register number is the encoded representation of the same register. If no such register is associated, -1 is returned.

The AED_x86_instruction_get_memory_index_scale() function returns the memory index register scaling factor associated with the operand identified by the zero-based index operand. If no memory index register is associated, -1 is returned.

The AED_x86_instruction_get_memory_disp() function returns the memory displacement associated with the operand identified by the zero-based index operand. In order to determine if a displacement is associated, use AED_x86_instruction_get_memory_disp_size().

The AED_x86_instruction_get_memory_disp_size() function returns the memory displacement size in bits associated with the operand identified by the zero-based index operand. If no memory displacement is associated, zero is returned.

The AED_x86_instruction_get_register_number() function returns the register number associated with the operand identified by the zero-based index operand. The register number is the encoded representation of the same register. If no such register is associated, -1 is returned.

The AED_x86_instruction_get_offset() function returns the offset associated with the operand identified by the zero-based index operand. An offset is the effective memory offset for relative branches and offsets taking addr into account.

The AED_x86_instruction_get_register() function returns the register associated with the operand identified by the zero-based index operand.

The AED_x86_instruction_get_segment() function returns the segment associated with the operand identified by the zero-based index operand.

The AED_x86_instruction_get_size() function returns the operand size in bits associated with the operand identified by the zero-based index operand.

The AED_x86_instruction_is_gpr() function returns non-zero if the operand identified by the zero-based index operand represents a General Purpose Register (GPR) operand. The AED_x86_instruction_is_immediate() function returns non-zero if the operand identified by the zero-based index operand represents an immediate.

The AED_x86_instruction_is_memory() functions returns non-zero if the operand identified by the zero-based index operand represents a memory operand.

EXAMPLES

#include <aed/x86.h>

int
main(void)
{
	AED_x86_decoder_init();

	const uint8_t raw[] = { 0x90, 0x00, 0x00 };
	const uint8_t *buf = raw;
	size_t buflen = sizeof(raw);
	while (buflen > 0) {
		AED_x86_instruction inst[1];
		int ninstr = AED_x86_decoder_decode(buf, buflen, inst, 1, 0, 0);
		if (ninstr < 0)
			errx(1, "%s", AED_x86_decoder_get_error(error));

		char buf[128];
		if (AED_x86_serialize(&inst[0], buf, sizeof(buf),
		    AED_X86_FORMAT_INTEL) > 0)
			printf("%s\n", buf);

		uint8_t len = AED_x86_instruction_get_length(&inst[0]);
		buf += len;
		buflen -= len;
	}

	return 0;
}

AUTHORS

Anton Lindqvist <anton@basename.se>

NAME

SYNOPSIS

DESCRIPTION

EXAMPLES

SEE ALSO

AUTHORS