DynamoRIO
|
Decoding routines. More...
Functions | |
DR_API byte * | decode_eflags_usage (void *drcontext, byte *pc, uint *usage, dr_opnd_query_flags_t flags) |
DR_API byte * | decode (void *drcontext, byte *pc, instr_t *instr) |
DR_API byte * | decode_from_copy (void *drcontext, byte *copy_pc, byte *orig_pc, instr_t *instr) |
DR_API instrlist_t * | decode_as_bb (void *drcontext, byte *start_pc) |
DR_API instrlist_t * | decode_trace (void *drcontext, void *tag) |
DR_API byte | decode_first_opcode_byte (int opcode) |
const DR_API char * | decode_opcode_name (int opcode) |
DR_API bool | set_x86_mode (void *drcontext, bool x86) |
DR_API bool | get_x86_mode (void *drcontext) |
DR_API app_pc | dr_app_pc_as_jump_target (dr_isa_mode_t isa_mode, app_pc pc) |
DR_API app_pc | dr_app_pc_as_load_target (dr_isa_mode_t isa_mode, app_pc pc) |
DR_API app_pc | decode_memory_reference_size (void *drcontext, app_pc pc, uint *size_in_bytes) |
DR_API int | decode_sizeof (void *drcontext, byte *pc, int *num_prefixes _IF_X86_64(uint *rip_rel_pos)) |
DR_API int | decode_sizeof_ex (void *drcontext, byte *pc, int *num_prefixes, uint *rip_rel_pos) |
DR_API byte * | decode_next_pc (void *drcontext, byte *pc) |
Detailed Description
Decoding routines.
Function Documentation
◆ decode()
DR_API byte* decode | ( | void * | drcontext, |
byte * | pc, | ||
instr_t * | instr | ||
) |
Decodes the instruction at address pc
into instr
, filling in the instruction's opcode, eflags usage, prefixes, and operands. The instruction's raw bits are set to valid and pointed at pc
(xref instr_get_raw_bits()). Assumes that instr
is already initialized, but uses the x86/x64 mode for the thread dcontext
rather than that set in instr. If caller is re-using same instr_t struct over multiple decodings, caller should call instr_reset() or instr_reuse(). Returns the address of the next byte after the decoded instruction. Returns NULL on decoding an invalid instr and sets opcode to OP_INVALID.
◆ decode_as_bb()
DR_API instrlist_t* decode_as_bb | ( | void * | drcontext, |
byte * | start_pc | ||
) |
Client routine to decode instructions at an arbitrary app address, following all the rules that DynamoRIO follows internally for terminating basic blocks. Note that DynamoRIO does not validate that start_pc
is actually the first instruction of a basic block.
- Note
- Caller is reponsible for freeing the list and its instrs!
◆ decode_eflags_usage()
DR_API byte* decode_eflags_usage | ( | void * | drcontext, |
byte * | pc, | ||
uint * | usage, | ||
dr_opnd_query_flags_t | flags | ||
) |
Decodes only enough of the instruction at address pc
to determine its eflags usage, which is returned in usage
as EFLAGS_ constants or'ed together. Returns the address of the next byte after the decoded instruction. Returns NULL on decoding an invalid instruction.
◆ decode_first_opcode_byte()
DR_API byte decode_first_opcode_byte | ( | int | opcode | ) |
Given an OP_ constant, returns the first byte of its opcode when encoded as an IA-32 instruction.
◆ decode_from_copy()
DR_API byte* decode_from_copy | ( | void * | drcontext, |
byte * | copy_pc, | ||
byte * | orig_pc, | ||
instr_t * | instr | ||
) |
Decodes the instruction at address copy_pc
into instr
as though it were located at address orig_pc
. Any pc-relative operands have their values calculated as though the instruction were actually at orig_pc
, though that address is never de-referenced. The instruction's raw bits are not valid, but its application address field (see instr_get_app_pc()) is set to orig_pc
. The instruction's opcode, eflags usage, prefixes, and operands are all filled in. Assumes that instr
is already initialized, but uses the x86/x64 mode for the thread dcontext
rather than that set in instr. If caller is re-using same instr_t struct over multiple decodings, caller should call instr_reset() or instr_reuse(). Returns the address of the next byte after the decoded instruction copy at copy_pc
. Returns NULL on decoding an invalid instr and sets opcode to OP_INVALID.
◆ decode_memory_reference_size()
DR_API app_pc decode_memory_reference_size | ( | void * | drcontext, |
app_pc | pc, | ||
uint * | size_in_bytes | ||
) |
Calculates the size, in bytes, of the memory read or write of the instr at pc
. If the instruction is a repeating string instruction, considers only one iteration. Returns the pc of the following instruction. If the instruction at pc
does not reference memory, or is invalid, returns NULL.
◆ decode_next_pc()
DR_API byte* decode_next_pc | ( | void * | drcontext, |
byte * | pc | ||
) |
Decodes only enough of the instruction at address pc
to determine its size. Returns the address of the byte following the instruction. May return NULL on decoding certain invalid instructions. This corresponds to a Level 1 decoding. Levels are not exposed in the API anymore, however.
◆ decode_opcode_name()
const DR_API char* decode_opcode_name | ( | int | opcode | ) |
Given an OP_ constant, returns the string name of its opcode.
◆ decode_sizeof()
DR_API int decode_sizeof | ( | void * | drcontext, |
byte * | pc, | ||
int *num_prefixes | _IF_X86_64uint *rip_rel_pos | ||
) |
Decodes only enough of the instruction at address pc
to determine its size. Returns that size. If num_prefixes
is non-NULL, returns the number of prefix bytes.
On x86, if rip_rel_pos
is non-NULL, returns the offset into the instruction of a rip-relative addressing displacement (for data only: ignores control-transfer relative addressing; use decode_sizeof_ex() for that), or 0 if none. The rip_rel_pos
parameter is only implemented for x86, where the displacement is always 4 bytes in size.
May return 0 size for certain invalid instructions.
◆ decode_sizeof_ex()
DR_API int decode_sizeof_ex | ( | void * | drcontext, |
byte * | pc, | ||
int * | num_prefixes, | ||
uint * | rip_rel_pos | ||
) |
Decodes only enough of the instruction at address pc
to determine its size. Returns that size. If num_prefixes
is non-NULL, returns the number of prefix bytes.
On x86, if rip_rel_pos
is non-NULL, returns the offset into the instruction of a rip-relative addressing displacement for data or control-transfer relative addressing, or 0 if none. This is only implemented for x86, where the displacement is always 4 bytes for data but can be 1 byte for control.
May return 0 size for certain invalid instructions.
◆ decode_trace()
DR_API instrlist_t* decode_trace | ( | void * | drcontext, |
void * | tag | ||
) |
Decodes the trace with tag tag
, and returns an instrlist_t of the instructions comprising that fragment. If tag
is not a valid tag for an existing trace, the routine returns NULL. Clients can use dr_trace_exists_at() to determine whether the trace exists.
- Note
- Unlike the instruction list presented by the trace event, the list here does not include any existing client modifications. If client-modified instructions are needed, it is the responsibility of the client to record or recreate that list itself.
- This routine does not support decoding thread-private traces created by other than the calling thread.
◆ dr_app_pc_as_jump_target()
DR_API app_pc dr_app_pc_as_jump_target | ( | dr_isa_mode_t | isa_mode, |
app_pc | pc | ||
) |
Given an application program counter value, returns the corresponding value to use as an indirect branch target for the given isa_mode
. For ARM's Thumb mode (DR_ISA_ARM_THUMB), this involves setting the least significant bit of the address.
◆ dr_app_pc_as_load_target()
DR_API app_pc dr_app_pc_as_load_target | ( | dr_isa_mode_t | isa_mode, |
app_pc | pc | ||
) |
Given an application program counter value, returns the corresponding value to use as a memory load target for the given isa_mode
, or for comparing to the application address inside a basic block or trace. For ARM's Thumb mode (DR_ISA_ARM_THUMB), this involves clearing the least significant bit of the address.
◆ get_x86_mode()
DR_API bool get_x86_mode | ( | void * | drcontext | ) |
The decode and encode routines use a per-thread persistent flag that indicates whether to treat code as 32-bit (x86) or 64-bit (x64). This routine returns the value of that flag.
- Note
- For 64-bit DR builds only.
- Deprecated:
- Replaced by dr_get_isa_mode().
◆ set_x86_mode()
DR_API bool set_x86_mode | ( | void * | drcontext, |
bool | x86 | ||
) |
The decode and encode routines use a per-thread persistent flag that indicates whether to treat code as 32-bit (x86) or 64-bit (x64). This routine sets that flag to the indicated value and returns the old value. Be sure to restore the old value prior to any further application execution to avoid problems in mis-interpreting application code.
- Note
- For 64-bit DR builds only.
- Deprecated:
- Replaced by dr_set_isa_mode().