Decouple operand decoding

Author: flobernd

README.md

@@ -57,17 +57,20 @@ int main()
     ZyanU64 runtime_address = 0x007FFFFFFF400000;
     ZyanUSize offset = 0;
     const ZyanUSize length = sizeof(data);
+    ZydisDecoderContext context;
     ZydisDecodedInstruction instruction;
-    while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(&decoder, data + offset, length - offset,
-        &instruction)))
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
+    while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(&decoder, data + offset, length - offset,
+        &instruction, operands, ZYDIS_MAX_OPERAND_COUNT_VISIBLE, 
+        ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY)))
     {
         // Print current instruction pointer.
         printf("%016" PRIX64 "  ", runtime_address);
 
         // Format & print the binary instruction structure to human readable format
         char buffer[256];
-        ZydisFormatterFormatInstruction(&formatter, &instruction, buffer, sizeof(buffer),
-            runtime_address);
+        ZydisFormatterFormatInstruction(&formatter, &instruction, &operands, 
+            instruction.operand_count_visible, buffer, sizeof(buffer), runtime_address);
         puts(buffer);
 
         offset += instruction.length;

examples/Formatter01.c

@@ -115,15 +115,20 @@ static void DisassembleBuffer(ZydisDecoder* decoder, ZyanU8* data, ZyanUSize len
     ZyanU64 runtime_address = 0x007FFFFFFF400000;
 
     ZydisDecodedInstruction instruction;
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
     char buffer[256];
-    while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(decoder, data, length, &instruction)))
+
+    while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(decoder, data, length, &instruction, operands,
+        ZYDIS_MAX_OPERAND_COUNT_VISIBLE, ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY)))
     {
         ZYAN_PRINTF("%016" PRIX64 "  ", runtime_address);
+
         // We have to pass a `runtime_address` different to `ZYDIS_RUNTIME_ADDRESS_NONE` to
         // enable printing of absolute addresses
-        ZydisFormatterFormatInstruction(&formatter, &instruction, &buffer[0], sizeof(buffer),
-            runtime_address);
+        ZydisFormatterFormatInstruction(&formatter, &instruction, operands,
+            instruction.operand_count_visible, &buffer[0], sizeof(buffer), runtime_address);
         ZYAN_PRINTF(" %s\n", &buffer[0]);
+
         data += instruction.length;
         length -= instruction.length;
         runtime_address += instruction.length;

examples/Formatter02.c

@@ -108,16 +108,16 @@ static ZyanStatus ZydisFormatterPrintMnemonic(const ZydisFormatter* formatter,
     user_data->omit_immediate = ZYAN_TRUE;
 
     // Rewrite the instruction-mnemonic for the given instructions
-    if (context->instruction->operand_count &&
-        context->instruction->operands[context->instruction->operand_count - 1].type ==
+    if (context->instruction->operand_count_visible &&
+        context->operands[context->instruction->operand_count_visible - 1].type ==
         ZYDIS_OPERAND_TYPE_IMMEDIATE)
     {
         // Retrieve the `ZyanString` instance of the formatter-buffer
         ZyanString* string;
         ZYAN_CHECK(ZydisFormatterBufferGetString(buffer, &string));
 
-        const ZyanU8 condition_code = (ZyanU8)context->instruction->operands[
-            context->instruction->operand_count - 1].imm.value.u;
+        const ZyanU8 condition_code = (ZyanU8)context->operands[
+            context->instruction->operand_count_visible - 1].imm.value.u;
         switch (context->instruction->mnemonic)
         {
         case ZYDIS_MNEMONIC_CMPPS:
@@ -211,14 +211,20 @@ static void DisassembleBuffer(ZydisDecoder* decoder, ZyanU8* data, ZyanUSize len
     ZyanU64 runtime_address = 0x007FFFFFFF400000;
 
     ZydisDecodedInstruction instruction;
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
     ZydisCustomUserData user_data;
     char buffer[256];
-    while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(decoder, data, length, &instruction)))
+
+    while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(decoder, data, length, &instruction, operands,
+        ZYDIS_MAX_OPERAND_COUNT_VISIBLE, ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY)))
     {
         ZYAN_PRINTF("%016" PRIX64 "  ", runtime_address);
-        ZydisFormatterFormatInstructionEx(&formatter, &instruction, &buffer[0], sizeof(buffer),
-            runtime_address, &user_data);
+
+        ZydisFormatterFormatInstructionEx(&formatter, &instruction, operands,
+            instruction.operand_count_visible, &buffer[0], sizeof(buffer), runtime_address,
+            &user_data);
         ZYAN_PRINTF(" %s\n", &buffer[0]);
+
         data += instruction.length;
         length -= instruction.length;
         runtime_address += instruction.length;

examples/Formatter03.c

@@ -71,12 +71,16 @@ static void DisassembleBuffer(ZydisDecoder* decoder, ZyanU8* data, ZyanUSize len
     ZyanU64 runtime_address = 0x007FFFFFFF400000;
 
     ZydisDecodedInstruction instruction;
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
     char buffer[256];
-    while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(decoder, data, length, &instruction)))
+
+    while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(decoder, data, length, &instruction, operands,
+        ZYDIS_MAX_OPERAND_COUNT_VISIBLE, ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY)))
     {
         const ZydisFormatterToken* token;
-        if (ZYAN_SUCCESS(ZydisFormatterTokenizeInstruction(&formatter, &instruction, &buffer[0],
-            sizeof(buffer), runtime_address, &token)))
+        if (ZYAN_SUCCESS(ZydisFormatterTokenizeInstruction(&formatter, &instruction, operands,
+            instruction.operand_count_visible , &buffer[0], sizeof(buffer), runtime_address,
+            &token)))
         {
             ZydisTokenType token_type;
             ZyanConstCharPointer token_value = ZYAN_NULL;
@@ -91,6 +95,7 @@ static void DisassembleBuffer(ZydisDecoder* decoder, ZyanU8* data, ZyanUSize len
                 }
             }
         }
+
         data += instruction.length;
         length -= instruction.length;
         runtime_address += instruction.length;

examples/RewriteCode.c

@@ -89,7 +89,9 @@ int main(int argc, char** argv)
 
     // Attempt to decode the given bytes as an X86-64 instruction.
     ZydisDecodedInstruction instr;
-    ZyanStatus status = ZydisDecoderDecodeBuffer(&decoder, bytes, num_bytes, &instr);
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
+    ZyanStatus status = ZydisDecoderDecodeFull(&decoder, bytes, num_bytes, &instr, operands,
+        ZYDIS_MAX_OPERAND_COUNT_VISIBLE, ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY);
     if (ZYAN_FAILED(status))
     {
         fprintf(stderr, "Failed to decode instruction: %02" PRIx32, status);
@@ -102,12 +104,14 @@ int main(int argc, char** argv)
 
     // Format & print the original instruction.
     char fmt_buf[256];
-    ExpectSuccess(ZydisFormatterFormatInstruction(&fmt, &instr, fmt_buf, sizeof(fmt_buf), 0));
+    ExpectSuccess(ZydisFormatterFormatInstruction(&fmt, &instr, operands,
+        instr.operand_count_visible, fmt_buf, sizeof(fmt_buf), 0));
     printf("Original instruction: %s\n", fmt_buf);
 
     // Create an encoder request from the previously decoded instruction.
     ZydisEncoderRequest enc_req;
-    ExpectSuccess(ZydisEncoderDecodedInstructionToEncoderRequest(&instr, &enc_req));
+    ExpectSuccess(ZydisEncoderDecodedInstructionToEncoderRequest(&instr, operands,
+        instr.operand_count_visible, &enc_req));
 
     // Now, change some things about the instruction!
 
@@ -152,8 +156,10 @@ int main(int argc, char** argv)
     ExpectSuccess(ZydisEncoderEncodeInstruction(&enc_req, new_bytes, &new_instr_length));
 
     // Decode and print the new instruction. We re-use the old buffers.
-    ExpectSuccess(ZydisDecoderDecodeBuffer(&decoder, new_bytes, new_instr_length, &instr));
-    ExpectSuccess(ZydisFormatterFormatInstruction(&fmt, &instr, fmt_buf, sizeof(fmt_buf), 0));
+    ExpectSuccess(ZydisDecoderDecodeFull(&decoder, new_bytes, new_instr_length, &instr,
+        operands, ZYDIS_MAX_OPERAND_COUNT_VISIBLE, ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY));
+    ExpectSuccess(ZydisFormatterFormatInstruction(&fmt, &instr, operands,
+        instr.operand_count_visible, fmt_buf, sizeof(fmt_buf), 0));
     printf("New instruction:      %s\n", fmt_buf);
 
     // Print the new instruction as hex-bytes.

examples/ZydisPerfTest.c

@@ -223,35 +223,38 @@ static void AdjustProcessAndThreadPriority(void)
 /* Internal functions                                                                             */
 /* ============================================================================================== */
 
+typedef struct TestContext_
+{
+    ZydisDecoderContext context;
+    ZydisDecodedInstruction instruction;
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];
+    char format_buffer[256];
+    ZyanBool minimal_mode;
+    ZyanBool format;
+    ZyanBool tokenize;
+} TestContext;
+
 static ZyanU64 ProcessBuffer(const ZydisDecoder* decoder, const ZydisFormatter* formatter,
-    /* const ZydisCacheTable* cache, */
-    const ZyanU8* buffer, ZyanUSize length, ZyanBool format, ZyanBool tokenize, ZyanBool use_cache)
+    TestContext* context, const ZyanU8* buffer, ZyanUSize length)
 {
     ZyanU64 count = 0;
     ZyanUSize offset = 0;
     ZyanStatus status;
-    ZydisDecodedInstruction instruction_data;
-    ZydisDecodedInstruction* instruction;
-    char format_buffer[256];
 
     while (length > offset)
     {
-        if (use_cache)
-        {
-            ZYAN_UNREACHABLE;
-            // status = ZydisDecoderDecodeBufferCached(decoder, cache, buffer + offset,
-            //     length - offset, &instruction);
-        } else
-        {
-            status = ZydisDecoderDecodeBuffer(decoder, buffer + offset, length - offset,
-                &instruction_data);
-            instruction = &instruction_data;
-        }
+        status = ZydisDecoderDecodeInstruction(decoder, &context->context, buffer + offset,
+            length - offset, &context->instruction);
 
         if (status == ZYDIS_STATUS_NO_MORE_DATA)
         {
             break;
         }
+        if (!context->minimal_mode && ZYAN_SUCCESS(status))
+        {
+            status = ZydisDecoderDecodeOperands(decoder, &context->context, &context->instruction,
+                context->operands, context->instruction.operand_count);
+        }
         if (!ZYAN_SUCCESS(status))
         {
             ZYAN_FPRINTF(ZYAN_STDERR, "%sUnexpected decoding error. Data: ",
@@ -266,21 +269,23 @@ static ZyanU64 ProcessBuffer(const ZydisDecoder* decoder, const ZydisFormatter*
             exit(EXIT_FAILURE);
         }
 
-        if (format)
+        if (context->format)
         {
-            if (tokenize)
+            if (context->tokenize)
             {
                 const ZydisFormatterToken* token;
-                ZydisFormatterTokenizeInstruction(formatter, instruction, format_buffer,
-                    sizeof(format_buffer), offset, &token);
+                ZydisFormatterTokenizeInstruction(formatter, &context->instruction,
+                    context->operands, context->instruction.operand_count_visible, 
+                    context->format_buffer, sizeof(context->format_buffer), offset, &token);
             } else
             {
-                ZydisFormatterFormatInstruction(formatter, instruction, format_buffer,
-                    sizeof(format_buffer), offset);
+                ZydisFormatterFormatInstruction(formatter, &context->instruction,
+                    context->operands, context->instruction.operand_count_visible, 
+                    context->format_buffer, sizeof(context->format_buffer), offset);
             }
         }
 
-        offset += instruction->length;
+        offset += context->instruction.length;
         ++count;
     }
 
@@ -328,16 +333,20 @@ static void TestPerformance(const ZyanU8* buffer, ZyanUSize length, ZyanBool min
         }
     }
 
+    TestContext context;
+    context.minimal_mode = minimal_mode;
+    context.format = format;
+    context.tokenize = tokenize;
+
     // Cache warmup
-    ProcessBuffer(&decoder, &formatter, /* cache, */ buffer, length, format, tokenize, use_cache);
+    ProcessBuffer(&decoder, &formatter, &context, buffer, length);
 
     // Testing
     ZyanU64 count = 0;
     StartCounter();
     for (ZyanU8 j = 0; j < 100; ++j)
     {
-        count += ProcessBuffer(&decoder, &formatter, /* cache, */ buffer, length, format,
-            tokenize, use_cache);
+        count += ProcessBuffer(&decoder, &formatter, &context, buffer, length);
     }
     const char* color[4];
     color[0] = minimal_mode ? CVT100_OUT(COLOR_VALUE_G) : CVT100_OUT(COLOR_VALUE_B);
@@ -400,7 +409,8 @@ static void GenerateTestData(FILE* file, ZyanU8 encoding)
         default:
             ZYAN_UNREACHABLE;
         }
-        if (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(&decoder, data, sizeof(data), &instruction)))
+        if (ZYAN_SUCCESS(ZydisDecoderDecodeInstruction(&decoder, ZYAN_NULL, data, 
+            sizeof(data), &instruction)))
         {
             ZyanBool b = ZYAN_FALSE;
             switch (encoding)
@@ -438,7 +448,6 @@ static void GenerateTestData(FILE* file, ZyanU8 encoding)
                     last = p;
                     ZYAN_PRINTF("%3.0d%%\n", p);
                 }
-
             }
         }
     }

examples/ZydisWinKernel.c

@@ -159,12 +159,15 @@ DriverEntry(
 
     SIZE_T readOffset = 0;
     ZydisDecodedInstruction instruction;
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
     ZyanStatus status;
     CHAR printBuffer[128];
 
     // Start the decode loop
-    while ((status = ZydisDecoderDecodeBuffer(&decoder, (PVOID)(imageBase + entryPointRva + readOffset),
-        length - readOffset, &instruction)) != ZYDIS_STATUS_NO_MORE_DATA)
+    while ((status = ZydisDecoderDecodeFull(&decoder, 
+        (PVOID)(imageBase + entryPointRva + readOffset), length - readOffset, &instruction,
+        operands, ZYDIS_MAX_OPERAND_COUNT_VISIBLE, ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY)) != 
+        ZYDIS_STATUS_NO_MORE_DATA)
     {
         NT_ASSERT(ZYAN_SUCCESS(status));
         if (!ZYAN_SUCCESS(status))
@@ -176,7 +179,8 @@ DriverEntry(
         // Format and print the instruction
         const ZyanU64 instrAddress = (ZyanU64)(imageBase + entryPointRva + readOffset);
         ZydisFormatterFormatInstruction(
-            &formatter, &instruction, printBuffer, sizeof(printBuffer), instrAddress);
+            &formatter, &instruction, operands, instruction.operand_count_visible, printBuffer, 
+            sizeof(printBuffer), instrAddress);
         Print("+%-4X 0x%-16llX\t\t%hs\n", (ULONG)readOffset, instrAddress, printBuffer);
 
         readOffset += instruction.length;