Zydis disassembler Pascal bindings and utilities
440bx:
Zydis is an open source Intel x86, 32 bit and 64 bit, instruction decoder, commonly referred to as a disassembler.
What is included in this set of posts are the Zydis dlls (32 and 64 bit) along with the majority of the C examples and tools translated from C to FPC. In addition to that, there are a few additional examples and tools that I made for my personal use in learning Zydis and thought they might be useful to others as well.
The folders/directories, which contain the examples and the tools, are numbered in such a way that lower numbered directories are simpler/easier to understand. Higher numbered directories almost always require knowledge that was exposed in lower numbered directories.
In addition to that, all files that end with the letter "A" are translations from C programs that are part of the Zydis set of examples and tools. Files that do not end in "A" are additional files that I created to test and learn Zydis which I felt could be useful to others as well.
The total amount of information exceeds what the forum allows to be uploaded in a single post. For this reason, the entire set of files is broken into 6 archive files named Zydis(A)..(F).
To obtain a working installation, create a directory, I suggest "Zydis", put all the archives in that directory and tell 7zip to "Extract here". That will recreate the entire working structure.
ZydisA.7z has the 32bit and 64bit Zydis dlls.
ZydisB.7z has the Pascal (FPC) bindings and the .o, .a and .ppu files needed for linking.
ZydisC.7z has Windows API definitions and the related 32 bit .o, .a and .ppu files
ZydisD.7z has the Windows API related 64 bit .o, .a and .ppu files
ZydisE.7z has the source code and Lazarus projects for all the examples and tools.
ZydisF.7z has data files that are convenient to refer to in the examples and tools.
IMPORTANT: I use my own Windows API definitions and the majority of genuinely useful and interesting examples use those definitions, therefore, to get the most out of the examples, you have to have the definitions in ZydisC.7z and ZydisD.7z. Also important, these two files contain a rather small subset of my personal definitions, therefore they cannot, unfortunately, be used as a replacement for the definitions included with Lazarus/FPC.
Attached to this post are ZydisA.7z, ZydisE.7z and ZydisF.7z
440bx:
The first directory "000_Dependencies" contains a program whose only purpose is to ensure the installation is as it should be. If the program compiles then the installation is as it should be, if it doesn't compile, there is a problem in the installation.
The Disassemble and DisassembleSimple are the simplest ways Zydis provides to decode some bytes into instructions. The functions used in those programs provide a lot of simplicity and convenience but very little control over the decoding and instruction formatting.
The Formatter series of programs shows how to obtain greater control over the formatting of an instruction. Formatter04B takes advantage of everything Zydis offers for instruction formatting (the output does _not_ showcase the program's abilities... look at the source)
Attached to this post is ZydisB.7z (the Zydis bindings)
440bx:
In addition to decoding bytes into assembly instructions, Zydis also offers an encoder. Given a description of the instruction, Zydis can produce the bytes that represent it.
This is what the "Encode..." programs and "Rewrite..." demonstrate.
Attached to this post is ZydisC.7z (Windows API definitions)
440bx:
The ZydisPerfTest programs are as the name indicates, performance tests to measure Zydis speed in decoding instruction bytes under various conditions.
The difference between the "A" and "B" versions is that the "B" version allows other processes to read the test files while it is using them, the "A" version does not (iow, exclusive access.)
IMPORTANT: on the first run, the program (either "A" or "B") creates a set of test files. Even on today's (mid-2024) fastest machines this will take several _minutes_, about 10 on a really fast machine. About an hour on an older machine, e.g., 2.8 GHz.
Attached to this post is ZydisD.7z (Windows API definitions)
440bx:
The ZydisDisasm series are programs that expect a binary file, IOW, a file of binary instructions, i.e., NOT a PE file, just binary instructions.
Each of them produces a listing that gets ever closer to what IDA Pro produces for the same input file. The "B", "C", "D" were created to approximate IDA's output in successive steps.
The "...Template" has the structure needed to format output just about any way it can be done with Zydis. It is there to be "customized" by adding code to format instructions as desired.
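Added example, not part of the original posts or of the Zydis sources: because the ZydisDisasm programs treat every input byte as an instruction, a PE file given by mistake has its headers decoded as code. The C sketch below checks the DOS and PE signatures before decoding and reports the PE machine type; the names `classify_input`, `classify_sample` and `FLAT_SAMPLE` are hypothetical and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { INPUT_FLAT, INPUT_PE_X86, INPUT_PE_X64, INPUT_PE_OTHER } input_kind;

/* Constructed sample of flat x86-64 code: push rbp; mov rbp,rsp; ret */
const uint8_t FLAT_SAMPLE[] = { 0x55, 0x48, 0x89, 0xE5, 0xC3 };

/* Read an n-byte little-endian value (n <= 4). */
static uint32_t rd_le(const uint8_t *p, int n)
{
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* INPUT_FLAT means "no PE header found", so the bytes can go to a
   flat-binary disassembler; anything else is a PE image. */
input_kind classify_input(const uint8_t *buf, size_t len)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return INPUT_FLAT;                    /* no complete DOS header */
    uint32_t e_lfanew = rd_le(buf + 0x3C, 4); /* offset of "PE\0\0" */
    if (e_lfanew > len || len - e_lfanew < 6) /* signature + Machine must fit */
        return INPUT_FLAT;
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0)
        return INPUT_FLAT;
    switch (rd_le(buf + e_lfanew + 4, 2)) {   /* COFF Machine field */
    case 0x014C: return INPUT_PE_X86;         /* IMAGE_FILE_MACHINE_I386 */
    case 0x8664: return INPUT_PE_X64;         /* IMAGE_FILE_MACHINE_AMD64 */
    default:     return INPUT_PE_OTHER;
    }
}

/* Build a constructed minimal header in a scratch buffer and classify it. */
input_kind classify_sample(uint16_t machine, uint32_t e_lfanew, size_t len)
{
    uint8_t buf[512] = { 0 };
    if (len > sizeof buf) len = sizeof buf;
    if (len >= 0x40) {
        buf[0] = 'M'; buf[1] = 'Z';
        for (int i = 0; i < 4; i++) buf[0x3C + i] = (uint8_t)(e_lfanew >> (8 * i));
    }
    if (e_lfanew <= len && len - e_lfanew >= 6) {
        memcpy(buf + e_lfanew, "PE\0\0", 4);
        buf[e_lfanew + 4] = (uint8_t)machine;
        buf[e_lfanew + 5] = (uint8_t)(machine >> 8);
    }
    return classify_input(buf, len);
}

int main(void)
{
    printf("flat sample: %d\n", classify_input(FLAT_SAMPLE, sizeof FLAT_SAMPLE));
    printf("x64 PE sample: %d\n", classify_sample(0x8664, 0x80, 0x100));
    return 0;
}
```

A file that merely begins with the bytes "MZ" but has no valid PE signature is still reported as flat, since those two bytes are also valid x86 instructions.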