Permalink
Browse files

Renamed `Capstone` -> `Zydis`

- Prevents name clashes with actual capstone disassembler implementation
  • Loading branch information...
athre0z authored and mrexodia committed Sep 20, 2017
1 parent 5338a0a commit 4c841d85c6ca89db847824c5ad6c21bd0c7c6abe
View
@@ -374,7 +374,7 @@ void _dbg_dbgtraceexecute(duint CIP)
if(MemRead(CIP, buffer, MAX_DISASM_BUFFER))
{
TraceRecord.increaseInstructionCounter();
Capstone instruction;
Zydis instruction;
instruction.Disassemble(CIP, buffer, MAX_DISASM_BUFFER);
TraceRecord.TraceExecute(CIP, instruction.Size());
}
View
@@ -98,7 +98,7 @@ extern "C" DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr)
unsigned char data[16];
if(MemRead(addr, data, sizeof(data), nullptr, true))
{
Capstone cp;
Zydis cp;
if(cp.Disassemble(addr, data))
{
CONTEXT ctx;
@@ -334,7 +334,7 @@ extern "C" DLL_EXPORT bool _dbg_addrinfoget(duint addr, SEGMENTREG segment, BRID
BRIDGE_ADDRINFO newinfo;
char string_text[MAX_STRING_SIZE] = "";
Capstone cp;
Zydis cp;
auto getregs = !bOnlyCipAutoComments || addr == titcontext.cip;
disasmget(cp, addr, &instr, getregs);
@@ -735,10 +735,10 @@ extern "C" DLL_EXPORT duint _dbg_getbranchdestination(duint addr)
unsigned char data[MAX_DISASM_BUFFER];
if(!MemIsValidReadPtr(addr, true) || !MemRead(addr, data, sizeof(data)))
return 0;
Capstone cp;
Zydis cp;
if(!cp.Disassemble(addr, data))
return 0;
if(cp.IsBranchType(Capstone::BT_Jmp | Capstone::BT_Call | Capstone::BT_Loop))
if(cp.IsBranchType(Zydis::BT_Jmp | Zydis::BT_Call | Zydis::BT_Loop))
{
auto opValue = cp.ResolveOpValue(0, [](ZydisRegister reg) -> size_t
{
@@ -50,7 +50,7 @@ duint CodeFollowPass::GetReferenceOperand(const ZydisDecodedInstruction & Contex
return 0;
}
duint CodeFollowPass::GetMemoryOperand(Capstone & Disasm, const ZydisDecodedInstruction & Context, bool* Indirect)
duint CodeFollowPass::GetMemoryOperand(Zydis & Disasm, const ZydisDecodedInstruction & Context, bool* Indirect)
{
if(Context.operandCount <= 0)
return 0;
@@ -15,5 +15,5 @@ class CodeFollowPass : public AnalysisPass
private:
duint GetReferenceOperand(const ZydisDecodedInstruction & Context);
duint GetMemoryOperand(Capstone & Disasm, const ZydisDecodedInstruction & Context, bool* Indirect);
duint GetMemoryOperand(Zydis & Disasm, const ZydisDecodedInstruction & Context, bool* Indirect);
};
@@ -142,7 +142,7 @@ void LinearPass::AnalyseOverlaps()
void LinearPass::AnalysisWorker(duint Start, duint End, BBlockArray* Blocks)
{
Capstone disasm;
Zydis disasm;
duint blockBegin = Start; // BBlock starting virtual address
duint blockEnd = 0; // BBlock ending virtual address
@@ -17,7 +17,7 @@ class Analysis
duint mBase;
duint mSize;
unsigned char* mData;
Capstone mCp;
Zydis mCp;
bool inRange(duint addr) const
{
@@ -284,7 +284,7 @@ bool cbInstrFindAllMem(int argc, char* argv[])
return true;
}
static bool cbFindAsm(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
static bool cbFindAsm(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!disasm || !basicinfo) //initialize
{
@@ -372,7 +372,7 @@ struct VALUERANGE
duint end;
};
static bool cbRefFind(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
static bool cbRefFind(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!disasm || !basicinfo) //initialize
{
@@ -454,7 +454,7 @@ bool cbInstrRefFindRange(int argc, char* argv[])
return true;
}
static bool cbRefStr(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
static bool cbRefStr(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!disasm || !basicinfo) //initialize
{
@@ -524,7 +524,7 @@ bool cbInstrRefStr(int argc, char* argv[])
return true;
}
static bool cbModCallFind(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
static bool cbModCallFind(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!disasm || !basicinfo) //initialize
{
@@ -714,7 +714,7 @@ struct GUIDRefInfo
HKEY CLSID;
};
static bool cbGUIDFind(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
static bool cbGUIDFind(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo)
{
if(!disasm || !basicinfo) //initialize
{
@@ -326,7 +326,7 @@ bool cbInstrVisualize(int argc, char* argv[])
//DisassemblyBreakpointColor = #000000
{
//initialize
Capstone _cp;
Zydis _cp;
duint _base = start;
duint _size = maxaddr - start;
Memory<unsigned char*> _data(_size);
@@ -444,7 +444,7 @@ bool cbInstrBriefcheck(int argc, char* argv[])
return false;
Memory<unsigned char*> buffer(size + 16);
DbgMemRead(base, buffer(), size);
Capstone cp;
Zydis cp;
std::unordered_set<String> reported;
for(duint i = 0; i < size;)
{
View
@@ -1160,7 +1160,7 @@ void cbRtrStep()
#endif //_WIN64
)
{
Capstone cp;
Zydis cp;
unsigned char data[MAX_DISASM_BUFFER];
memset(data, 0, sizeof(data));
MemRead(cip, data, MAX_DISASM_BUFFER);
View
@@ -24,7 +24,7 @@ static MEMORY_SIZE argsize2memsize(int argsize)
return size_byte;
}
void fillbasicinfo(Capstone* cp, BASIC_INSTRUCTION_INFO* basicinfo, bool instrText)
void fillbasicinfo(Zydis* cp, BASIC_INSTRUCTION_INFO* basicinfo, bool instrText)
{
//zero basicinfo
memset(basicinfo, 0, sizeof(BASIC_INSTRUCTION_INFO));
@@ -95,7 +95,7 @@ bool disasmfast(const unsigned char* data, duint addr, BASIC_INSTRUCTION_INFO* b
{
if(!data || !basicinfo)
return false;
Capstone cp;
Zydis cp;
cp.Disassemble(addr, data, MAX_DISASM_BUFFER);
if(trydisasmfast(data, addr, basicinfo, cp.Success() ? cp.Size() : 1))
return true;
View
@@ -4,7 +4,7 @@
#include "_global.h"
#include <zydis_wrapper.h>
void fillbasicinfo(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, bool instrText = true);
void fillbasicinfo(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, bool instrText = true);
bool disasmfast(duint addr, BASIC_INSTRUCTION_INFO* basicinfo, bool cache = false);
bool disasmfast(const unsigned char* data, duint addr, BASIC_INSTRUCTION_INFO* basicinfo);
View
@@ -22,7 +22,7 @@ duint disasmback(unsigned char* data, duint base, duint size, duint ip, int n)
unsigned char* pdata;
// Reset Disasm Structure
Capstone cp;
Zydis cp;
// Check if the pointer is not null
if(data == NULL)
@@ -82,7 +82,7 @@ duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n)
unsigned char* pdata;
// Reset Disasm Structure
Capstone cp;
Zydis cp;
if(data == NULL)
return 0;
@@ -111,7 +111,7 @@ duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n)
return ip;
}
static void HandleCapstoneOperand(Capstone & cp, int opindex, DISASM_ARG* arg, bool getregs)
static void HandleCapstoneOperand(Zydis & cp, int opindex, DISASM_ARG* arg, bool getregs)
{
auto value = cp.ResolveOpValue(opindex, [&cp, getregs](ZydisRegister reg)
{
@@ -185,7 +185,7 @@ static void HandleCapstoneOperand(Capstone & cp, int opindex, DISASM_ARG* arg, b
}
}
void disasmget(Capstone & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs)
void disasmget(Zydis & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs)
{
memset(instr, 0, sizeof(DISASM_INSTR));
cp.Disassemble(addr, buffer, MAX_DISASM_BUFFER);
@@ -202,7 +202,7 @@ void disasmget(Capstone & cp, unsigned char* buffer, duint addr, DISASM_INSTR* i
auto cpInstr = cp.GetInstr();
strcpy_s(instr->instruction, cp.InstructionText().c_str());
instr->instr_size = cpInstr->length;
if(cp.IsBranchType(Capstone::BT_Jmp | Capstone::BT_Loop | Capstone::BT_Ret | Capstone::BT_Call))
if(cp.IsBranchType(Zydis::BT_Jmp | Zydis::BT_Loop | Zydis::BT_Ret | Zydis::BT_Call))
instr->type = instr_branch;
else if(strstr(instr->instruction, "sp") || strstr(instr->instruction, "bp"))
instr->type = instr_stack;
@@ -213,7 +213,7 @@ void disasmget(Capstone & cp, unsigned char* buffer, duint addr, DISASM_INSTR* i
HandleCapstoneOperand(cp, i, &instr->arg[i], getregs);
}
void disasmget(Capstone & cp, duint addr, DISASM_INSTR* instr, bool getregs)
void disasmget(Zydis & cp, duint addr, DISASM_INSTR* instr, bool getregs)
{
if(!DbgIsDebugging())
{
@@ -230,7 +230,7 @@ void disasmget(Capstone & cp, duint addr, DISASM_INSTR* instr, bool getregs)
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs)
{
Capstone cp;
Zydis cp;
disasmget(cp, buffer, addr, instr, getregs);
}
@@ -404,7 +404,7 @@ bool disasmgetstringatwrapper(duint addr, char* dest, bool cache)
int disasmgetsize(duint addr, unsigned char* data)
{
Capstone cp;
Zydis cp;
if(!cp.Disassemble(addr, data, MAX_DISASM_BUFFER))
return 1;
return int(EncodeMapGetSize(addr, cp.Size()));
View
@@ -7,8 +7,8 @@
//functions
duint disasmback(unsigned char* data, duint base, duint size, duint ip, int n);
duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n);
void disasmget(Capstone & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(Capstone & cp, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(Zydis & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(Zydis & cp, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(duint addr, DISASM_INSTR* instr, bool getregs = true);
bool disasmispossiblestring(duint addr, STRING_TYPE* type = nullptr);
View
@@ -248,7 +248,7 @@ bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type, bool* created)
memset(map.data + offset, (byte)enc_middle, size);
if(IsCodeType(type) && size > 1)
{
Capstone cp;
Zydis cp;
Memory<unsigned char*> buffer(size);
if(!MemRead(addr, buffer(), size))
return false;
View
@@ -178,7 +178,7 @@ namespace Exprfunc
unsigned char data[16];
if(MemRead(addr, data, sizeof(data), nullptr, true))
{
Capstone cp;
Zydis cp;
if(cp.Disassemble(addr, data))
return cp.IsNop();
}
@@ -190,7 +190,7 @@ namespace Exprfunc
unsigned char data[16];
if(MemRead(addr, data, sizeof(data), nullptr, true))
{
Capstone cp;
Zydis cp;
if(cp.Disassemble(addr, data))
return cp.IsUnusual();
}
View
@@ -63,7 +63,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "%s (Region %p)")), Name, scanStart);
// Initialize disassembler
Capstone cp;
Zydis cp;
// Allow an "initialization" notice
refInfo.refcount = 0;
@@ -104,7 +104,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
sprintf_s(fullName, "%s (%p)", Name, scanStart);
// Initialize disassembler
Capstone cp;
Zydis cp;
// Allow an "initialization" notice
refInfo.refcount = 0;
@@ -147,7 +147,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
}
// Initialize disassembler
Capstone cp;
Zydis cp;
// Determine the full module
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "All Modules (%s)")), Name);
@@ -185,7 +185,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
return refInfo.refcount;
}
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Capstone & cp, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText)
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Zydis & cp, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText)
{
// Allocate and read a buffer from the remote process
Memory<unsigned char*> data(scanSize, "reffind:data");
View
@@ -20,10 +20,10 @@ typedef enum
} REFFINDTYPE;
// Reference callback typedef
typedef bool (*CBREF)(Capstone* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo);
typedef bool (*CBREF)(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO* refinfo);
typedef std::function<void(int)> CBPROGRESS;
int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Silent, const char* Name, REFFINDTYPE type, bool disasmText);
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Capstone & cp, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText);
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Zydis & cp, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText);
#endif // _REFERENCE_H
View
@@ -643,7 +643,7 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit()
json_set_alloc_funcs(json_malloc, json_free);
//#endif //ENABLE_MEM_TRACE
dputs(QT_TRANSLATE_NOOP("DBG", "Initializing capstone..."));
Capstone::GlobalInitialize();
Zydis::GlobalInitialize();
dputs(QT_TRANSLATE_NOOP("DBG", "Initializing Yara..."));
if(yr_initialize() != ERROR_SUCCESS)
return "Failed to initialize Yara!";
@@ -780,7 +780,7 @@ extern "C" DLL_EXPORT void _dbg_dbgexitsignal()
cmdfree();
varfree();
yr_finalize();
Capstone::GlobalFinalize();
Zydis::GlobalFinalize();
dputs(QT_TRANSLATE_NOOP("DBG", "Cleaning up wait objects..."));
waitdeinitialize();
SafeDbghelpDeinitialize();
@@ -35,7 +35,7 @@ ulong QBeaEngine::DisassembleBack(byte_t* data, duint base, duint size, duint ip
unsigned char* pdata;
// Reset Disasm Structure
Capstone cp;
Zydis cp;
// Check if the pointer is not null
if(data == NULL)
@@ -131,7 +131,7 @@ ulong QBeaEngine::DisassembleNext(byte_t* data, duint base, duint size, duint ip
unsigned char* pdata;
// Reset Disasm Structure
Capstone cp;
Zydis cp;
if(data == NULL)
return 0;
@@ -200,14 +200,14 @@ Instruction_t QBeaEngine::DisassembleAt(byte_t* data, duint size, duint origBase
auto branchType = Instruction_t::None;
Instruction_t wInst;
if(success && (cp.IsBranchType(Capstone::BT_Jmp | Capstone::BT_Call | Capstone::BT_Ret | Capstone::BT_Loop)))
if(success && (cp.IsBranchType(Zydis::BT_Jmp | Zydis::BT_Call | Zydis::BT_Ret | Zydis::BT_Loop)))
{
wInst.branchDestination = DbgGetBranchDestination(origBase + origInstRVA);
if(cp.IsBranchType(Capstone::BT_UncondJmp))
if(cp.IsBranchType(Zydis::BT_UncondJmp))
branchType = Instruction_t::Unconditional;
else if(cp.IsBranchType(Capstone::BT_Call))
else if(cp.IsBranchType(Zydis::BT_Call))
branchType = Instruction_t::Call;
else if(cp.IsBranchType(Capstone::BT_CondJmp))
else if(cp.IsBranchType(Zydis::BT_CondJmp))
branchType = Instruction_t::Conditional;
}
else
Oops, something went wrong.

0 comments on commit 4c841d8

Please sign in to comment.