Crate bad64

source ·
Expand description

bad64

bad64 is a set of Rust bindings to the Binja Arm64 Disassembler.

For more information about the disassembler, please see the upstream repo.

There are two main entry points:

  1. decode for decoding a single instruction.
use bad64::{decode, Op};
// nop - "\x1f\x20\x03\xd5"
let decoded = decode(0xd503201f, 0x1000).unwrap();

assert_eq!(decoded.address(), 0x1000);
assert_eq!(decoded.operands().len(), 0);
assert_eq!(decoded.op(), Op::NOP);
assert_eq!(decoded.op().mnem(), "nop");
  1. disasm for disassembling a byte sequence.
use bad64::{disasm, Op, Operand, Reg, Imm};

// 1000: str   x0, [sp, #-16]! ; "\xe0\x0f\x1f\xf8"
// 1004: ldr   x0, [sp], #16   ; "\xe0\x07\x41\xf8"
let mut decoded_iter = disasm(b"\xe0\x0f\x1f\xf8\xe0\x07\x41\xf8", 0x1000);

let push = decoded_iter.next().unwrap().unwrap();

// check out the push
assert_eq!(push.address(), 0x1000);
assert_eq!(push.operands().len(), 2);
assert_eq!(push.op(), Op::STR);
assert_eq!(
    push.operands()[0],
    Operand::Reg { reg: Reg::X0, arrspec: None }
);
assert_eq!(
    push.operands()[1],
    Operand::MemPreIdx { reg: Reg::SP, imm: Imm::Signed(-16) }
);
assert_eq!(push.operands().get(2), None);

let pop = decoded_iter.next().unwrap().unwrap();

// check out the pop
assert_eq!(pop.address(), 0x1004);
assert_eq!(pop.operands().len(), 2);
assert_eq!(pop.op(), Op::LDR);
assert_eq!(
    pop.operands().get(0),
    Some(&Operand::Reg { reg: Reg::X0, arrspec: None })
);
assert_eq!(
    pop.operands().get(1),
    Some(&Operand::MemPostIdxImm { reg: Reg::SP, imm: Imm::Signed(16) })
);
assert_eq!(pop.operands().get(2), None);

// make sure there's nothing left
assert_eq!(decoded_iter.next(), None);

Structs

Enums

Functions

  • Decode a single instruction
  • Disassemble byte slice