Expand description
bad64
bad64 is a set of Rust bindings to the Binja Arm64 Disassembler.
For more information about the disassembler, please see the upstream repo.
There are two main entry points:
decode
for decoding a single instruction.
use bad64::{decode, Op};
// nop - "\x1f\x20\x03\xd5"
let decoded = decode(0xd503201f, 0x1000).unwrap();
assert_eq!(decoded.address(), 0x1000);
assert_eq!(decoded.operands().len(), 0);
assert_eq!(decoded.op(), Op::NOP);
assert_eq!(decoded.op().mnem(), "nop");
disasm
for disassembling a byte sequence.
use bad64::{disasm, Op, Operand, Reg, Imm};
// 1000: str x0, [sp, #-16]! ; "\xe0\x0f\x1f\xf8"
// 1004: ldr x0, [sp], #16 ; "\xe0\x07\x41\xf8"
let mut decoded_iter = disasm(b"\xe0\x0f\x1f\xf8\xe0\x07\x41\xf8", 0x1000);
let push = decoded_iter.next().unwrap().unwrap();
// check out the push
assert_eq!(push.address(), 0x1000);
assert_eq!(push.operands().len(), 2);
assert_eq!(push.op(), Op::STR);
assert_eq!(
push.operands()[0],
Operand::Reg { reg: Reg::X0, arrspec: None }
);
assert_eq!(
push.operands()[1],
Operand::MemPreIdx { reg: Reg::SP, imm: Imm::Signed(-16) }
);
assert_eq!(push.operands().get(2), None);
let pop = decoded_iter.next().unwrap().unwrap();
// check out the pop
assert_eq!(pop.address(), 0x1004);
assert_eq!(pop.operands().len(), 2);
assert_eq!(pop.op(), Op::LDR);
assert_eq!(
pop.operands().get(0),
Some(&Operand::Reg { reg: Reg::X0, arrspec: None })
);
assert_eq!(
pop.operands().get(1),
Some(&Operand::MemPostIdxImm { reg: Reg::SP, imm: Imm::Signed(16) })
);
assert_eq!(pop.operands().get(2), None);
// make sure there's nothing left
assert_eq!(decoded_iter.next(), None);
Structs
- A decoded instruction
Enums
- An arrangement specifier
- A condition
- Decoding errors types
- The semantic meaning of the flag setting
- An instruction immediate
- An instruction operation
- An instruction operand
- A register
- A shift applied to a register or immediate
- A system register
Functions
- Decode a single instruction
- Disassemble byte slice