Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upReplace disassembler engine with Zydis #1730
Conversation
- While at it, added branch info logic to disassembler class - Thus reduce direct checks by mnemonic in GUI and analysis code - Replaced direct disassembler struct access with disassembler class calls where trivially possible - Removed workarounds for empty segment registers - Temp. disabled `cbInstrCapstone` command - Temp. disabled flag stuff in `QBeaEngine`
- Prevents name clashes with actual capstone disassembler implementation
- Fixed various porting bugs in the Zydis `CapstoneTokenizer` - Added Capstone vs Zydis tokenizing diff and various exceptions for known issues
- Also, more whitelist entries for the CS-Zydis diff
- Instead, we directly use Zydis as a submodule now
- Removed underscores - Removed redundant “zy” prefix - Executed `AStyleWhore` (sorreh, I use git on my macOS host, can’t put it into pre-commit-hook)
- Comment out diff code in GUI - Enable optimization - A few more whitelist entries in the diff code - A few fixes in the old tokenizer to be consistent with the new one in diffs - Remove LICENSE and README now that the wrapper is part of the x64dbg core repo
- Remove unused semantic groups - Improve handling of “far” in tokenizer
| { | ||
| //set the branch destinations | ||
| node.brtrue = mCp.BranchDestination(); | ||
| if(mCp.GetId() != X86_INS_JMP && mCp.GetId() != X86_INS_LJMP) //unconditional jumps dont have a brfalse | ||
| if(mCp.GetId() != ZYDIS_MNEMONIC_JMP) //unconditional jumps dont have a brfalse |
nooperation
Sep 29, 2017
Should this also exclude ZYDIS_MNEMONIC_JMP_FAR? The previous logic excluded both unconditional jumps
Should this also exclude ZYDIS_MNEMONIC_JMP_FAR? The previous logic excluded both unconditional jumps
athre0z
Sep 29, 2017
Author
Contributor
Zydis has the same mnemonic constant for both far and near jumps.
Zydis has the same mnemonic constant for both far and near jumps.
athre0z
Sep 29, 2017
Author
Contributor
In case you're wondering why this is the case: we stick to Intel SDM as close as possible and Intel doesn't treat them as separate instructions either.
In case you're wondering why this is the case: we stick to Intel SDM as close as possible and Intel doesn't treat them as separate instructions either.
|
The |
|
I think it was one of his coworkers actually...
…On Mon, 9 Oct 2017 at 02:03, Joel Höner ***@***.***> wrote:
The Mergings project card mentions that @blaquee
<https://github.com/blaquee> found problems with this PR. Could you
elaborate?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1730 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACWCmRCQsP3D6uVovrlLf7z-6A4lwf7Pks5sqWLHgaJpZM4PjR4a>
.
|
|
when i compile the whole project ,says miss zydis/xxxx.h, and how i solve it ? thk |
|
Try cloning recursively ( |
thks, it works well,because working offline (can not too sad), i find and download them all. |
Current status
zydis_wrapperZydisas a submodulecapstone_wrapperwithzydis_wrapperIsBranchType, replacing many manualif(mnem == ...)occurrencesQBeaEnginetoCSQBeaEngineandCapstoneTokenizertoCsCapstoneTokenizer, for diffingCsCapstoneTokenizerto useCapstoneTokenizer's data classes for easy comparisionDisassembly.cpp(commented out)Future work required
If there's anything you don't like that you'd like me to change, just say the word.