Skip to content

zyantific/zydis-pascal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
Examples
Examples
 
 
Zydis
Zydis
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Zydis Pascal Bindings

License: MIT Gitter Discord

Pascal language bindings for the Zydis library, a fast and lightweight x86/x86-64 disassembler.

Readme

The Zydis pascal bindings support both dynamic and static linkage. The required binaries for Windows can be acquired in the Releases section.

Dynamic

  • Extract the Zydis32.dll or Zydis64.dll from the Bin32/Bin64 folder to the directory that contains your application or install the library to your C:\Windows\System32\ (64-bit) / C:\Windows\SysWOW64\ (32-bit) directory
  • Enable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive (enabled by default) in Zydis.pas

Static

  • Extract the complete Bin32/Bin64 folder to the root of the pascal bindings directory
  • Disable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive in Zydis.pas

Example

uses
  System.SysUtils,
  Zydis,
  Zydis.Exception,
  Zydis.Decoder,
  Zydis.Formatter;

const
  X86DATA: array of Byte = [$51, $8D, $45, $FF, $50, $FF, $75, $0C, $FF, $75,
                            $08, $FF, $15, $A0, $A5, $48, $76, $85, $C0, $0F,
                            $88, $FC, $DA, $02, $00];

var
  Formatter: Zydis.Formatter.TZydisFormatter;
  Decoder: Zydis.Decoder.TZydisDecoder;
  InstructionPointer: ZydisU64;
  Offset: Integer;
  Instruction: TZydisDecodedInstruction;
begin
  try
    if (ZydisGetVersion <> ZYDIS_VERSION) then
    begin
      raise Exception.Create('Invalid Zydis version');
    end;

    Formatter := Zydis.Formatter.TZydisFormatter.Create(ZYDIS_FORMATTER_STYLE_INTEL);
    try
      Formatter.ForceMemorySegments := true;
      Formatter.ForceMemorySize := true;
      Decoder :=
        Zydis.Decoder.TZydisDecoder.Create(ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
      try
        InstructionPointer := $007FFFFFFF400000;
        Offset := 0;
        repeat
          Decoder.DecodeBuffer(@X86DATA[Offset], Length(X86DATA) - Offset, InstructionPointer,
            Instruction);
          WriteLn(Format('%.16x  %s',
            [InstructionPointer, Formatter.FormatInstruction(Instruction)]));
          Inc(InstructionPointer, Instruction.Length);
          Inc(Offset, Instruction.Length);
        until (Offset >= Length(X86DATA));
      finally
        Decoder.Free;
      end;
    finally
      Formatter.Free;
    end;

  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.

Output

007FFFFFFF400000  push rcx
007FFFFFFF400001  lea eax, ss:[rbp-0x01]
007FFFFFFF400004  push rax
007FFFFFFF400005  push qword ptr ss:[rbp+0x0C]
007FFFFFFF400008  push qword ptr ss:[rbp+0x08]
007FFFFFFF40000B  call qword ptr ds:[0x008000007588A5B1]
007FFFFFFF400011  test eax, eax
007FFFFFFF400013  js 0x007FFFFFFF42DB15

License

The Zydis Pascal Bindings are licensed under the MIT License.

About

Zydis Pascal Bindings

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

20 stars

Watchers

7 watching

Forks

7 forks
Report repository

Releases 1

v2.0.0 Latest
Feb 28, 2018

Packages

No packages published

Languages