Skip to content

Latest commit

 

History

History
90 lines (78 loc) · 3.28 KB

README.md

File metadata and controls

90 lines (78 loc) · 3.28 KB

Zydis Pascal Bindings

License: MIT Gitter Discord

Pascal language bindings for the Zydis library, a fast and lightweight x86/x86-64 disassembler.

Readme

The Zydis pascal bindings support both dynamic and static linkage. The required binaries for Windows can be acquired in the Releases section.

Dynamic

  • Extract the Zydis32.dll or Zydis64.dll from the Bin32/Bin64 folder to the directory that contains your application or install the library to your C:\Windows\System32\ (64-bit) / C:\Windows\SysWOW64\ (32-bit) directory
  • Enable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive (enabled by default) in Zydis.pas

Static

  • Extract the complete Bin32/Bin64 folder to the root of the pascal bindings directory
  • Disable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive in Zydis.pas

Example

uses
  System.SysUtils,
  Zydis,
  Zydis.Exception,
  Zydis.Decoder,
  Zydis.Formatter;

const
  X86DATA: array of Byte = [$51, $8D, $45, $FF, $50, $FF, $75, $0C, $FF, $75,
                            $08, $FF, $15, $A0, $A5, $48, $76, $85, $C0, $0F,
                            $88, $FC, $DA, $02, $00];

var
  Formatter: Zydis.Formatter.TZydisFormatter;
  Decoder: Zydis.Decoder.TZydisDecoder;
  InstructionPointer: ZydisU64;
  Offset: Integer;
  Instruction: TZydisDecodedInstruction;
begin
  try
    if (ZydisGetVersion <> ZYDIS_VERSION) then
    begin
      raise Exception.Create('Invalid Zydis version');
    end;

    Formatter := Zydis.Formatter.TZydisFormatter.Create(ZYDIS_FORMATTER_STYLE_INTEL);
    try
      Formatter.ForceMemorySegments := true;
      Formatter.ForceMemorySize := true;
      Decoder :=
        Zydis.Decoder.TZydisDecoder.Create(ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
      try
        InstructionPointer := $007FFFFFFF400000;
        Offset := 0;
        repeat
          Decoder.DecodeBuffer(@X86DATA[Offset], Length(X86DATA) - Offset, InstructionPointer,
            Instruction);
          WriteLn(Format('%.16x  %s',
            [InstructionPointer, Formatter.FormatInstruction(Instruction)]));
          Inc(InstructionPointer, Instruction.Length);
          Inc(Offset, Instruction.Length);
        until (Offset >= Length(X86DATA));
      finally
        Decoder.Free;
      end;
    finally
      Formatter.Free;
    end;

  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.

Output

007FFFFFFF400000  push rcx
007FFFFFFF400001  lea eax, ss:[rbp-0x01]
007FFFFFFF400004  push rax
007FFFFFFF400005  push qword ptr ss:[rbp+0x0C]
007FFFFFFF400008  push qword ptr ss:[rbp+0x08]
007FFFFFFF40000B  call qword ptr ds:[0x008000007588A5B1]
007FFFFFFF400011  test eax, eax
007FFFFFFF400013  js 0x007FFFFFFF42DB15

License

The Zydis Pascal Bindings are licensed under the MIT License.