
/***************************************************************************************************
Zyan Disassembler Library (Zydis)
Original Author : Joel Hoener
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
/**
* @file
*
* Example that takes raw instruction bytes as command line arguments, decodes them as a single
* instruction, changes a range of things about it, encodes it again and prints the new bytes.
*
* `jz` instructions are rewritten to `jnz`, `add` is replaced with `sub`. Immediate operand
* constants are changed to `0x42` and the displacement in memory operands is changed to `0x1337`.
*
* The example always consumes and generates code in 64-bit mode.
*/
#include <Zydis/Zydis.h>
#include <Zycore/LibC.h>
#include <Zycore/API/Memory.h>

#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
/* ============================================================================================== */
/* Entry point */
/* ============================================================================================== */
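/**
 * Aborts the process if a Zydis/Zycore call reported an error.
 *
 * If `status` indicates failure, the raw status code is printed to `stderr` and the process
 * exits with `EXIT_FAILURE`; on success the function does nothing.
 *
 * @param   status  The `ZyanStatus` returned by the call being checked.
 */
static void ExpectSuccess(ZyanStatus status)
{
    if (ZYAN_FAILED(status))
    {
        // `ZyanStatus` is a fixed-width 32-bit unsigned type, so use the matching `inttypes.h`
        // specifier rather than assuming `unsigned int` has the same width on every platform.
        fprintf(stderr, "Something failed: 0x%08" PRIX32 "\n", status);
        exit(EXIT_FAILURE);
    }
}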
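/**
 * Parses one command line argument as a single hexadecimal byte (e.g. `e9`, `0F` or `0x90`).
 *
 * A bare `strtoul` call is not sufficient for validation: it only sets `errno` on overflow,
 * returns `0` for input that contains no hex digits at all, and stops at the first non-hex
 * character without complaint. This helper resets `errno` before the call and checks the end
 * pointer, so garbage such as `zz` or `4g` is rejected instead of being accepted as `0x00` or
 * `0x04`.
 *
 * @param   text    The NUL-terminated argument string.
 * @param   out     Receives the parsed byte on success; untouched on failure.
 *
 * @return  Non-zero on success, `0` if `text` is not a valid byte. In the failure case an error
 *          message has already been written to `stderr`.
 */
static int ParseHexByte(const char* text, uint8_t* out)
{
    char* end = NULL;
    errno = 0;
    const unsigned long val = strtoul(text, &end, 16);
    // `end == text` means no digits were consumed at all (also covers the empty string);
    // `*end != '\0'` means trailing characters were left unparsed.
    if ((errno == ERANGE) || (end == text) || (*end != '\0'))
    {
        fprintf(stderr, "Error: Received non-hex argument: %s\n", text);
        return 0;
    }
    if (val > UINT8_MAX)
    {
        fprintf(stderr, "Error: Argument value too large: %s. Expected byte.\n", text);
        return 0;
    }

    *out = (uint8_t)val;
    return 1;
}

/**
 * Program entry point.
 *
 * Every argument after the program name is one instruction byte in hex. The bytes are decoded
 * as a single x86-64 instruction, the instruction is rewritten as described in the file header
 * comment, and the result is printed both disassembled and as raw bytes.
 *
 * @param   argc    Argument count.
 * @param   argv    Argument vector; `argv[1..]` are the instruction bytes.
 *
 * @return  `EXIT_SUCCESS`. Every failure path terminates the process with `EXIT_FAILURE` after
 *          printing a message to `stderr`.
 */
int main(int argc, char** argv)
{
    if (argc < 2)
    {
        fprintf(stderr, "Usage example: %s e9 12 33 44 55\n", argc > 0 ? argv[0] : "<binary>");
        exit(EXIT_FAILURE);
    }

    // Parse arguments. `bytes` has room for exactly one maximum-length instruction, so the
    // argument count is clamped to it. Surplus arguments could never be part of the decoded
    // instruction anyway, but say so instead of dropping them silently.
    const size_t num_args = (size_t)(argc - 1);
    if (num_args > ZYDIS_MAX_INSTRUCTION_LENGTH)
    {
        fprintf(stderr, "Warning: An instruction has at most %d bytes; ignoring the remaining "
            "%zu argument(s).\n", (int)ZYDIS_MAX_INSTRUCTION_LENGTH,
            num_args - ZYDIS_MAX_INSTRUCTION_LENGTH);
    }
    uint8_t bytes[ZYDIS_MAX_INSTRUCTION_LENGTH];
    const size_t num_bytes = ZYAN_MIN(ZYDIS_MAX_INSTRUCTION_LENGTH, num_args);
    for (size_t i = 0; i < num_bytes; ++i)
    {
        // `ParseHexByte` has already reported the offending argument on `stderr`.
        if (!ParseHexByte(argv[i + 1], &bytes[i]))
        {
            exit(EXIT_FAILURE);
        }
    }

    // Initialize decoder in X86-64 mode.
    ZydisDecoder decoder;
    ExpectSuccess(ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_STACK_WIDTH_64));

    // Attempt to decode the given bytes as an X86-64 instruction. The decoder is handed exactly
    // `num_bytes`, the number of bytes actually parsed. A failure here is expected for arbitrary
    // user input (invalid or truncated encodings), so it is reported as an input error rather
    // than going through `ExpectSuccess` like the library calls below.
    ZydisDecodedInstruction instr;
    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];
    const ZyanStatus status = ZydisDecoderDecodeFull(&decoder, bytes, num_bytes, &instr,
        operands);
    if (ZYAN_FAILED(status))
    {
        fprintf(stderr, "Failed to decode instruction: 0x%08" PRIX32 "\n", status);
        exit(EXIT_FAILURE);
    }

    // Initialize the formatter.
    ZydisFormatter fmt;
    ExpectSuccess(ZydisFormatterInit(&fmt, ZYDIS_FORMATTER_STYLE_INTEL));

    // Format & print the original instruction.
    char fmt_buf[256];
    ExpectSuccess(ZydisFormatterFormatInstruction(&fmt, &instr, operands,
        instr.operand_count_visible, fmt_buf, sizeof(fmt_buf), 0, NULL));
    printf("Original instruction: %s\n", fmt_buf);

    // Create an encoder request from the previously decoded instruction.
    ZydisEncoderRequest enc_req;
    ExpectSuccess(ZydisEncoderDecodedInstructionToEncoderRequest(&instr, operands,
        instr.operand_count_visible, &enc_req));

    // Now, change some things about the instruction!

    // Change `jz` -> `jnz` and `add` -> `sub`.
    switch (enc_req.mnemonic)
    {
    case ZYDIS_MNEMONIC_ADD:
        enc_req.mnemonic = ZYDIS_MNEMONIC_SUB;
        break;
    case ZYDIS_MNEMONIC_JZ:
        enc_req.mnemonic = ZYDIS_MNEMONIC_JNZ;
        break;
    default:
        // Don't change other instructions.
        break;
    }

    // Walk the operand list and look for things to change.
    for (int i = 0; i < enc_req.operand_count; ++i)
    {
        ZydisEncoderOperand* op = &enc_req.operands[i];
        switch (op->type)
        {
        case ZYDIS_OPERAND_TYPE_IMMEDIATE:
            // For immediate operands, change the constant to `0x42`.
            op->imm.u = 0x42;
            break;
        case ZYDIS_OPERAND_TYPE_MEMORY:
            // For memory operands, change the displacement to `0x1337`. Base, index and scale
            // are left exactly as decoded.
            op->mem.displacement = 0x1337;
            break;
        default:
            // Any other operands remain unchanged.
            break;
        }
    }

    // Encode the instruction back to raw bytes. `new_instr_length` is an in/out parameter: it
    // carries the buffer capacity in and the number of bytes actually written out.
    uint8_t new_bytes[ZYDIS_MAX_INSTRUCTION_LENGTH];
    ZyanUSize new_instr_length = sizeof(new_bytes);
    ExpectSuccess(ZydisEncoderEncodeInstruction(&enc_req, new_bytes, &new_instr_length));

    // Decode and print the new instruction. We re-use the old buffers.
    ExpectSuccess(ZydisDecoderDecodeFull(&decoder, new_bytes, new_instr_length, &instr,
        operands));
    ExpectSuccess(ZydisFormatterFormatInstruction(&fmt, &instr, operands,
        instr.operand_count_visible, fmt_buf, sizeof(fmt_buf), 0, NULL));
    printf("New instruction: %s\n", fmt_buf);

    // Print the new instruction as hex-bytes.
    printf("New raw bytes: ");
    for (ZyanUSize i = 0; i < new_instr_length; ++i)
    {
        printf("%02" PRIx8 " ", new_bytes[i]);
    }
    putchar('\n');

    return EXIT_SUCCESS;
}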
/* ============================================================================================== */