[−][src]Struct iced_x86::Decoder
Decodes 16/32/64-bit x86 instructions
Implementations
impl<'a> Decoder<'a>
[src]
#[must_use]pub fn new(bitness: u32, data: &'a [u8], options: u32) -> Decoder<'a>
[src]
Creates a decoder
Panics
Panics if bitness
is not one of 16, 32, 64.
Arguments
bitness
: 16, 32 or 64data
: Data to decodeoptions
: Decoder options,0
or eg.DecoderOptions::NO_INVALID_CHECK | DecoderOptions::AMD
Examples
use iced_x86::*; // xchg ah,[rdx+rsi+16h] // xacquire lock add dword ptr [rax],5Ah // vmovdqu64 zmm18{k3}{z},zmm11 let bytes = b"\x86\x64\x32\x16\xF0\xF2\x83\x00\x5A\x62\xC1\xFE\xCB\x6F\xD3"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); let instr1 = decoder.decode(); assert_eq!(Code::Xchg_rm8_r8, instr1.code()); assert_eq!(Mnemonic::Xchg, instr1.mnemonic()); assert_eq!(4, instr1.len()); let instr2 = decoder.decode(); assert_eq!(Code::Add_rm32_imm8, instr2.code()); assert_eq!(Mnemonic::Add, instr2.mnemonic()); assert_eq!(5, instr2.len()); let instr3 = decoder.decode(); assert_eq!(Code::EVEX_Vmovdqu64_zmm_k1z_zmmm512, instr3.code()); assert_eq!(Mnemonic::Vmovdqu64, instr3.mnemonic()); assert_eq!(6, instr3.len());
It's sometimes useful to decode some invalid instructions, eg. lock add esi,ecx
.
Pass in DecoderOptions::NO_INVALID_CHECK
to the constructor and the decoder
will decode some invalid encodings.
use iced_x86::*; // lock add esi,ecx ; lock not allowed let bytes = b"\xF0\x01\xCE"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); let instr = decoder.decode(); assert_eq!(Code::INVALID, instr.code()); // We want to decode some instructions with invalid encodings let mut decoder = Decoder::new(64, bytes, DecoderOptions::NO_INVALID_CHECK); decoder.set_ip(0x1234_5678); let instr = decoder.decode(); assert_eq!(Code::Add_rm32_r32, instr.code()); assert!(instr.has_lock_prefix());
#[must_use]pub fn ip(&self) -> u64
[src]
Gets the current IP
/EIP
/RIP
value, see also position()
pub fn set_ip(&mut self, new_value: u64)
[src]
Sets the current IP
/EIP
/RIP
value, see also set_position()
This method only updates the IP value, it does not change the data position, use set_position()
to change the position.
Arguments
new_value
: New IP
#[must_use]pub fn bitness(&self) -> u32
[src]
Gets the bitness (16, 32 or 64)
#[must_use]pub fn max_position(&self) -> usize
[src]
Gets the max value that can be passed to set_position()
. This is the size of the data that gets
decoded to instructions and it's the length of the slice that was passed to the constructor.
#[must_use]pub fn position(&self) -> usize
[src]
Gets the current data position. This value is always <= max_position()
.
When position()
== max_position()
, it's not possible to decode more
instructions and can_decode()
returns false
.
pub fn set_position(&mut self, new_pos: usize)
[src]
Sets the current data position, which is the index into the data passed to the constructor.
This value is always <= max_position()
Panics
Panics if the new position is invalid.
Arguments
new_pos
: New position and must be <=max_position()
Examples
use iced_x86::*; // nop and pause let bytes = b"\x90\xF3\x90"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); assert_eq!(0, decoder.position()); assert_eq!(3, decoder.max_position()); let instr = decoder.decode(); assert_eq!(1, decoder.position()); assert_eq!(Code::Nopd, instr.code()); let instr = decoder.decode(); assert_eq!(3, decoder.position()); assert_eq!(Code::Pause, instr.code()); // Start all over again decoder.set_position(0); decoder.set_ip(0x1234_5678); assert_eq!(0, decoder.position()); assert_eq!(Code::Nopd, decoder.decode().code()); assert_eq!(Code::Pause, decoder.decode().code()); assert_eq!(3, decoder.position());
#[must_use]pub fn can_decode(&self) -> bool
[src]
Returns true
if there's at least one more byte to decode. It doesn't verify that the
next instruction is valid, it only checks if there's at least one more byte to read.
See also position()
and max_position()
It's not required to call this method. If this method returns false
, then decode_out()
and decode()
will return an instruction whose code()
== Code::INVALID
.
Examples
use iced_x86::*; // nop and an incomplete instruction let bytes = b"\x90\xF3\x0F"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); // 3 bytes left to read assert!(decoder.can_decode()); let instr = decoder.decode(); assert_eq!(Code::Nopd, instr.code()); // 2 bytes left to read assert!(decoder.can_decode()); let instr = decoder.decode(); // Not enough bytes left to decode a full instruction assert_eq!(Code::INVALID, instr.code()); // 0 bytes left to read assert!(!decoder.can_decode());
pub fn iter<'b>(&'b mut self) -> DecoderIter<'a, 'b>ⓘNotable traits for DecoderIter<'a, 'b>
impl<'a, 'b> Iterator for DecoderIter<'a, 'b> type Item = Instruction;
[src]
Notable traits for DecoderIter<'a, 'b>
impl<'a, 'b> Iterator for DecoderIter<'a, 'b> type Item = Instruction;
Returns an iterator that borrows this instance to decode instructions until there's
no more data to decode, i.e., until can_decode()
returns false
.
Examples
use iced_x86::*; // nop and pause let bytes = b"\x90\xF3\x90"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); let mut iter = decoder.iter(); assert_eq!(Code::Nopd, iter.next().unwrap().code()); assert_eq!(Code::Pause, iter.next().unwrap().code()); assert!(iter.next().is_none());
For loop
use iced_x86::*; let bytes = b"\x90\xF3\x90"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); for instr in &mut decoder { // or decoder.iter() println!("code: {:?}", instr.code()); }
#[must_use]pub fn invalid_no_more_bytes(&self) -> bool
[src]
Use last_error() instead
This method can be called after calling decode()
and decode_out()
to check if the
decoded instruction is invalid because there's no more bytes left or because of bad input data.
#[must_use]pub fn last_error(&self) -> DecoderError
[src]
Gets the last decoder error. Unless you need to know the reason it failed,
it's better to check instruction.is_invalid()
.
#[must_use]pub fn decode(&mut self) -> Instruction
[src]
Decodes and returns the next instruction, see also decode_out(&mut Instruction)
which avoids copying the decoded instruction to the caller's return variable.
See also last_error()
.
Examples
use iced_x86::*; // xrelease lock add [rax],ebx let bytes = b"\xF0\xF3\x01\x18"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); let instr = decoder.decode(); assert_eq!(Code::Add_rm32_r32, instr.code()); assert_eq!(Mnemonic::Add, instr.mnemonic()); assert_eq!(4, instr.len()); assert_eq!(2, instr.op_count()); assert_eq!(OpKind::Memory, instr.op0_kind()); assert_eq!(Register::RAX, instr.memory_base()); assert_eq!(Register::None, instr.memory_index()); assert_eq!(1, instr.memory_index_scale()); assert_eq!(0, instr.memory_displacement()); assert_eq!(Register::DS, instr.memory_segment()); assert_eq!(Register::None, instr.segment_prefix()); assert_eq!(MemorySize::UInt32, instr.memory_size()); assert_eq!(OpKind::Register, instr.op1_kind()); assert_eq!(Register::EBX, instr.op1_register()); assert!(instr.has_lock_prefix()); assert!(instr.has_xrelease_prefix());
pub fn decode_out(&mut self, instruction: &mut Instruction)
[src]
Decodes the next instruction. The difference between this method and decode()
is that this
method doesn't need to copy the result to the caller's return variable (saves 32-bytes of copying).
See also last_error()
.
Arguments
instruction
: Updated with the decoded instruction. All fields are initialized (it's anout
argument)
Examples
use iced_x86::*; // xrelease lock add [rax],ebx let bytes = b"\xF0\xF3\x01\x18"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); let mut instr = Instruction::default(); decoder.decode_out(&mut instr); assert_eq!(Code::Add_rm32_r32, instr.code()); assert_eq!(Mnemonic::Add, instr.mnemonic()); assert_eq!(4, instr.len()); assert_eq!(2, instr.op_count()); assert_eq!(OpKind::Memory, instr.op0_kind()); assert_eq!(Register::RAX, instr.memory_base()); assert_eq!(Register::None, instr.memory_index()); assert_eq!(1, instr.memory_index_scale()); assert_eq!(0, instr.memory_displacement()); assert_eq!(Register::DS, instr.memory_segment()); assert_eq!(Register::None, instr.segment_prefix()); assert_eq!(MemorySize::UInt32, instr.memory_size()); assert_eq!(OpKind::Register, instr.op1_kind()); assert_eq!(Register::EBX, instr.op1_register()); assert!(instr.has_lock_prefix()); assert!(instr.has_xrelease_prefix());
#[must_use]pub fn get_constant_offsets(&self, instruction: &Instruction) -> ConstantOffsets
[src]
Gets the offsets of the constants (memory displacement and immediate) in the decoded instruction. The caller can check if there are any relocations at those addresses.
Arguments
instruction
: The latest instruction that was decoded by this decoder
Examples
use iced_x86::*; // nop // xor dword ptr [rax-5AA5EDCCh],5Ah // 00 01 02 03 04 05 06 // \opc\mrm\displacement___\imm let bytes = b"\x90\x83\xB3\x34\x12\x5A\xA5\x5A"; let mut decoder = Decoder::new(64, bytes, DecoderOptions::NONE); decoder.set_ip(0x1234_5678); assert_eq!(Code::Nopd, decoder.decode().code()); let instr = decoder.decode(); let co = decoder.get_constant_offsets(&instr); assert!(co.has_displacement()); assert_eq!(2, co.displacement_offset()); assert_eq!(4, co.displacement_size()); assert!(co.has_immediate()); assert_eq!(6, co.immediate_offset()); assert_eq!(1, co.immediate_size()); // It's not an instruction with two immediates (e.g. enter) assert!(!co.has_immediate2()); assert_eq!(0, co.immediate_offset2()); assert_eq!(0, co.immediate_size2());
Trait Implementations
impl<'a> IntoIterator for Decoder<'a>
[src]
type Item = Instruction
The type of the elements being iterated over.
type IntoIter = DecoderIntoIter<'a>
Which kind of iterator are we turning this into?
#[must_use]pub fn into_iter(self) -> Self::IntoIter
[src]
impl<'a: 'b, 'b> IntoIterator for &'b mut Decoder<'a>
[src]
type Item = Instruction
The type of the elements being iterated over.
type IntoIter = DecoderIter<'a, 'b>
Which kind of iterator are we turning this into?
pub fn into_iter(self) -> Self::IntoIter
[src]
Auto Trait Implementations
impl<'a> RefUnwindSafe for Decoder<'a>
impl<'a> !Send for Decoder<'a>
impl<'a> !Sync for Decoder<'a>
impl<'a> Unpin for Decoder<'a>
impl<'a> UnwindSafe for Decoder<'a>
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,