[][src]Struct iced_x86::Decoder

pub struct Decoder<'a> { /* fields omitted */ }

Decodes 16/32/64-bit x86 instructions

Methods

impl<'a> Decoder<'a>[src]

#[must_use]pub fn new(bitness: u32, data: &'a [u8], options: u32) -> Decoder<'a>[src]

Creates a decoder

Panics

Panics if bitness is not one of 16, 32, 64.

Arguments

  • bitness: 16, 32 or 64
  • data: Data to decode
  • options: Decoder options, 0 or eg. DecoderOptions::NO_INVALID_CHECK | DecoderOptions::AMD_BRANCHES

Examples

use iced_x86::*;

// xchg ah,[rdx+rsi+16h]
// xacquire lock add dword ptr [rax],5Ah
// vmovdqu64 zmm18{k3}{z},zmm11
let bytes = b"\x86\x64\x32\x16\xF0\xF2\x83\x00\x5A\x62\xC1\xFE\xCB\x6F\xD3";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);

let instr1 = decoder.decode();
assert_eq!(Code::Xchg_rm8_r8, instr1.code());
assert_eq!(Mnemonic::Xchg, instr1.mnemonic());
assert_eq!(4, instr1.len());

let instr2 = decoder.decode();
assert_eq!(Code::Add_rm32_imm8, instr2.code());
assert_eq!(Mnemonic::Add, instr2.mnemonic());
assert_eq!(5, instr2.len());

let instr3 = decoder.decode();
assert_eq!(Code::EVEX_Vmovdqu64_zmm_k1z_zmmm512, instr3.code());
assert_eq!(Mnemonic::Vmovdqu64, instr3.mnemonic());
assert_eq!(6, instr3.len());

It's sometimes useful to decode some invalid instructions, eg. lock add esi,ecx. Pass in DecoderOptions::NO_INVALID_CHECK to the constructor and the decoder will decode some invalid encodings.

use iced_x86::*;

// lock add esi,ecx   ; lock not allowed
let bytes = b"\xF0\x01\xCE";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);
let instr = decoder.decode();
assert_eq!(Code::INVALID, instr.code());

// We want to decode some instructions with invalid encodings
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NO_INVALID_CHECK);
decoder.set_ip(0x1234_5678);
let instr = decoder.decode();
assert_eq!(Code::Add_rm32_r32, instr.code());
assert!(instr.has_lock_prefix());

#[must_use]pub fn ip(&self) -> u64[src]

Gets the current IP/EIP/RIP value, see also position()

pub fn set_ip(&mut self, new_value: u64)[src]

Sets the current IP/EIP/RIP value, see also set_position()

Arguments

  • new_value: New IP

#[must_use]pub fn bitness(&self) -> u32[src]

Gets the bitness (16, 32 or 64)

#[must_use]pub fn max_position(&self) -> usize[src]

Gets the max value that can be passed to set_position(). This is the size of the data that gets decoded to instructions and it's the length of the slice that was passed to the constructor.

#[must_use]pub fn position(&self) -> usize[src]

Gets the current data position. This value is always <= max_position(). When position() == max_position(), it's not possible to decode more instructions and can_decode() returns false.

pub fn set_position(&mut self, new_pos: usize)[src]

Sets the current data position, which is the index into the data passed to the constructor. This value is always <= max_position()

Panics

Panics if the new position is invalid.

Arguments

Examples

use iced_x86::*;

// nop and pause
let bytes = b"\x90\xF3\x90";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);

assert_eq!(0, decoder.position());
assert_eq!(3, decoder.max_position());
let instr = decoder.decode();
assert_eq!(1, decoder.position());
assert_eq!(Code::Nopd, instr.code());

let instr = decoder.decode();
assert_eq!(3, decoder.position());
assert_eq!(Code::Pause, instr.code());

// Start all over again
decoder.set_position(0);
assert_eq!(0, decoder.position());
assert_eq!(Code::Nopd, decoder.decode().code());
assert_eq!(Code::Pause, decoder.decode().code());
assert_eq!(3, decoder.position());

#[must_use]pub fn can_decode(&self) -> bool[src]

Returns true if there's at least one more byte to decode. It doesn't verify that the next instruction is valid, it only checks if there's at least one more byte to read. See also position() and max_position()

It's not required to call this method. If this method returns false, then decode_out() and decode() will return an instruction whose code() == Code::INVALID.

Examples

use iced_x86::*;

// nop and an incomplete instruction
let bytes = b"\x90\xF3\x0F";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);

// 3 bytes left to read
assert!(decoder.can_decode());
let instr = decoder.decode();
assert_eq!(Code::Nopd, instr.code());

// 2 bytes left to read
assert!(decoder.can_decode());
let instr = decoder.decode();
// Not enough bytes left to decode a full instruction
assert_eq!(Code::INVALID, instr.code());

// 0 bytes left to read
assert!(!decoder.can_decode());

pub fn iter<'b>(&'b mut self) -> DecoderIter<'a, 'b>[src]

Returns an iterator that borrows this instance to decode instructions until there's no more data to decode, i.e., until can_decode() returns false.

Examples

use iced_x86::*;

// nop and pause
let bytes = b"\x90\xF3\x90";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);

let mut iter = decoder.iter();
assert_eq!(Code::Nopd, iter.next().unwrap().code());
assert_eq!(Code::Pause, iter.next().unwrap().code());
assert!(iter.next().is_none());

For loop

use iced_x86::*;

let bytes = b"\x90\xF3\x90";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);

for instr in &mut decoder { // or decoder.iter()
    println!("code: {:?}", instr.code());
}

#[must_use]pub fn invalid_no_more_bytes(&self) -> bool[src]

This method can be called after calling decode() and decode_out() to check if the decoded instruction is invalid because there's no more bytes left or because of bad input data.

#[must_use]pub fn decode(&mut self) -> Instruction[src]

Decodes and returns the next instruction, see also decode_out(&mut Instruction) which avoids copying the decoded instruction to the caller's return variable. See also invalid_no_more_bytes().

Examples

use iced_x86::*;

// xrelease lock add [rax],ebx
let bytes = b"\xF0\xF3\x01\x18";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);
let instr = decoder.decode();

assert_eq!(Code::Add_rm32_r32, instr.code());
assert_eq!(Mnemonic::Add, instr.mnemonic());
assert_eq!(4, instr.len());
assert_eq!(2, instr.op_count());

assert_eq!(OpKind::Memory, instr.op0_kind());
assert_eq!(Register::RAX, instr.memory_base());
assert_eq!(Register::None, instr.memory_index());
assert_eq!(1, instr.memory_index_scale());
assert_eq!(0, instr.memory_displacement());
assert_eq!(Register::DS, instr.memory_segment());
assert_eq!(Register::None, instr.segment_prefix());
assert_eq!(MemorySize::UInt32, instr.memory_size());

assert_eq!(OpKind::Register, instr.op1_kind());
assert_eq!(Register::EBX, instr.op1_register());

assert!(instr.has_lock_prefix());
assert!(instr.has_xrelease_prefix());

pub fn decode_out(&mut self, instruction: &mut Instruction)[src]

Decodes the next instruction. The difference between this method and decode() is that this method doesn't need to copy the result to the caller's return variable (saves 32-bytes of copying). See also invalid_no_more_bytes().

Arguments

  • instruction: Updated with the decoded instruction. All fields are initialized (it's an out argument)

Examples

use iced_x86::*;

// xrelease lock add [rax],ebx
let bytes = b"\xF0\xF3\x01\x18";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);
// or use core::mem::MaybeUninit:
//    let mut instr = unsafe { core::mem::MaybeUninit::uninit().assume_init() };
// to not clear `instr` more than once (`decode_out()` initializes all its fields).
let mut instr = Instruction::default();
decoder.decode_out(&mut instr);

assert_eq!(Code::Add_rm32_r32, instr.code());
assert_eq!(Mnemonic::Add, instr.mnemonic());
assert_eq!(4, instr.len());
assert_eq!(2, instr.op_count());

assert_eq!(OpKind::Memory, instr.op0_kind());
assert_eq!(Register::RAX, instr.memory_base());
assert_eq!(Register::None, instr.memory_index());
assert_eq!(1, instr.memory_index_scale());
assert_eq!(0, instr.memory_displacement());
assert_eq!(Register::DS, instr.memory_segment());
assert_eq!(Register::None, instr.segment_prefix());
assert_eq!(MemorySize::UInt32, instr.memory_size());

assert_eq!(OpKind::Register, instr.op1_kind());
assert_eq!(Register::EBX, instr.op1_register());

assert!(instr.has_lock_prefix());
assert!(instr.has_xrelease_prefix());

#[must_use]pub fn get_constant_offsets(&self, instruction: &Instruction) -> ConstantOffsets[src]

Gets the offsets of the constants (memory displacement and immediate) in the decoded instruction. The caller can check if there are any relocations at those addresses.

Arguments

  • instruction: The latest instruction that was decoded by this decoder

Examples

use iced_x86::*;

// nop
// xor dword ptr [rax-5AA5EDCCh],5Ah
//                  00  01  02  03  04  05  06
//                \opc\mrm\displacement___\imm
let bytes = b"\x90\x83\xB3\x34\x12\x5A\xA5\x5A";
let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE);
decoder.set_ip(0x1234_5678);
assert_eq!(Code::Nopd, decoder.decode().code());
let instr = decoder.decode();
let co = decoder.get_constant_offsets(&instr);

assert!(co.has_displacement());
assert_eq!(2, co.displacement_offset());
assert_eq!(4, co.displacement_size());
assert!(co.has_immediate());
assert_eq!(6, co.immediate_offset());
assert_eq!(1, co.immediate_size());
// It's not an instruction with two immediates (e.g. enter)
assert!(!co.has_immediate2());
assert_eq!(0, co.immediate_offset2());
assert_eq!(0, co.immediate_size2());

Trait Implementations

impl<'a> Debug for Decoder<'a>[src]

impl<'a> IntoIterator for Decoder<'a>[src]

type Item = Instruction

The type of the elements being iterated over.

type IntoIter = DecoderIntoIter<'a>

Which kind of iterator are we turning this into?

impl<'a: 'b, 'b> IntoIterator for &'b mut Decoder<'a>[src]

type Item = Instruction

The type of the elements being iterated over.

type IntoIter = DecoderIter<'a, 'b>

Which kind of iterator are we turning this into?

Auto Trait Implementations

impl<'a> RefUnwindSafe for Decoder<'a>

impl<'a> !Send for Decoder<'a>

impl<'a> !Sync for Decoder<'a>

impl<'a> Unpin for Decoder<'a>

impl<'a> UnwindSafe for Decoder<'a>

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<I> IntoIterator for I where
    I: Iterator[src]

type Item = <I as Iterator>::Item

The type of the elements being iterated over.

type IntoIter = I

Which kind of iterator are we turning this into?

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.