Get instruction size x86-64

I need a function that can calculate the length of an x86-64 instruction.

For example, this could be used like this:

    char ret[] = { 0xc3 };
    size_t length = instructionLength(ret);

length in this example will be set to 1.

I do not want to include the entire disassembly library, since the only information required is the length of the instruction.

I am looking for a minimalist approach written in C, ideally with as little code as possible.

Full coverage of the x86-64 instruction set is not strictly necessary (very obscure instructions, such as the vector register instruction sets, may be omitted).

A similar answer to what I'm looking for (but for the wrong architecture):

Get assembly instructions


There is the Intel XED library for working with x86 / x86_64 instructions: https://github.com/intelxed/xed , and it is the only correct way to work with Intel instructions.

The function xed_decode will provide you with all the information about the instruction: https://intelxed.imtqy.com/ref-manual/group__DEC.html https://intelxed.imtqy.com/ref-manual/group__DEC.html#ga9a27c2bb97caf98a6024567b261d0652

And xed_ild_decode is for decoding only the length of an instruction: https://intelxed.imtqy.com/ref-manual/group__DEC.html#ga4bef6152f61997a47c4e0fe4327a3254

    XED_DLL_EXPORT xed_error_enum_t xed_ild_decode ( xed_decoded_inst_t * xedd,
                                                     const xed_uint8_t * itext,
                                                     const unsigned int bytes )

This function simply decodes the length of the instruction.

It does not return a fully decoded instruction.

Parameters:

  • xedd the decoded instruction of type xed_decoded_inst_t. Mode / state is passed in via xedd; see xed_state_t.
  • itext pointer to the array of instruction text bytes
  • bytes the length of the itext input array. From 1 to 15 bytes; anything more is ignored.

Return:

xed_error_enum_t indicating success (XED_ERROR_NONE) or failure. Only two failure codes are valid for this function: XED_ERROR_BUFFER_TOO_SHORT and XED_ERROR_GENERAL_ERROR. In general, this function cannot determine whether the instruction is valid or not. For valid instructions, XED can determine whether there were enough bytes to decode the instruction. If there were not enough, XED will return XED_ERROR_BUFFER_TOO_SHORT. From this function, XED_ERROR_GENERAL_ERROR is a sign that XED could not decode the length of the instruction, because the instruction was so invalid that even its length could not be determined.

To get the length from an xedd filled in by xed_ild_decode, use xed_decoded_inst_get_length : https://intelxed.imtqy.com/ref-manual/group__DEC.html#gad1051f7b86c94d5670f684a6ea79fcdf

    static XED_INLINE xed_uint_t xed_decoded_inst_get_length ( const xed_decoded_inst_t * p )

Returns the length of the decoded instruction in bytes.

Sample code (Apache License, version 2.0, Intel 2016): https://github.com/intelxed/xed/blob/master/examples/xed-ex-ild.c

    #include "xed/xed-interface.h"
    #include <stdio.h>

    int main() {
        xed_bool_t long_mode = 1;
        xed_decoded_inst_t xedd;
        xed_state_t dstate;
        // instruction bytes to measure; the buffer is padded to the 15-byte maximum
        unsigned char itext[15] = { 0xf2, 0x2e, 0x4f, 0x0F, 0x85, 0x99, 0x00, 0x00, 0x00 };

        xed_tables_init(); // one time per process

        // the decode mode decides how prefixes such as REX are interpreted
        if (long_mode)
            dstate.mmode = XED_MACHINE_MODE_LONG_64;
        else
            dstate.mmode = XED_MACHINE_MODE_LEGACY_32;

        xed_decoded_inst_zero_set_mode(&xedd, &dstate);
        // length-only decode: fills in just enough of xedd to answer get_length
        xed_ild_decode(&xedd, itext, XED_MAX_INSTRUCTION_BYTES);
        printf("length = %u\n", xed_decoded_inst_get_length(&xedd));
        return 0;
    }
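The question asks for a small, library-free length function rather than a full decoder. As an added example (not from the question, the answer, or XED), the constructed C code below decodes the length of a common x86-64 subset: legacy prefixes, REX, the 0x00-0x3F ALU group, mov/lea/test/xchg, push/pop, call/jmp/jcc, and a few 0F-escape opcodes. It returns 0 for anything outside that subset or when the buffer is truncated, so a caller can fall back to a complete decoder such as XED; VEX/EVEX (vector) encodings are deliberately omitted, as the question allows.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed example: length-only decoder for a common x86-64 subset (no VEX/EVEX, no 0F 38/3A maps). */
#define DONE(len) ((len) <= n ? (size_t)(len) : 0)   /* reject a length that runs past the buffer */

static size_t modrm_len(const uint8_t *p, size_t n) {  /* ModRM + implied SIB/displacement; 0 if truncated */
    if (n < 1) return 0;
    size_t len = 1, mod = p[0] >> 6, rm = p[0] & 7;
    if (mod == 3) return 1;                                       /* register operand only */
    if (rm == 4) { if (n < 2) return 0; len++; if (mod == 0 && (p[1] & 7) == 5) len += 4; } /* SIB; base=101 => disp32 */
    else if (mod == 0 && rm == 5) len += 4;                       /* 64-bit mode: RIP-relative disp32 */
    if (mod == 1) len += 1; else if (mod == 2) len += 4;
    return len <= n ? len : 0;
}

size_t instructionLength(const uint8_t *c, size_t n) {  /* length of the instruction at c[0..n); 0 if unsupported/truncated */
    size_t i = 0, m, imm, has66 = 0, rexw = 0;
    for (; i < n; i++) {                                          /* legacy prefixes, any order */
        if (c[i] == 0x66) has66 = 1;
        else if (c[i] != 0x67 && c[i] != 0xF0 && c[i] != 0xF2 && c[i] != 0xF3 && c[i] != 0x26 &&
                 c[i] != 0x2E && c[i] != 0x36 && c[i] != 0x3E && c[i] != 0x64 && c[i] != 0x65) break;
    }
    if (i < n && (c[i] & 0xF0) == 0x40) rexw = c[i++] & 8;       /* REX must sit right before the opcode */
    if (i >= n) return 0;
    uint8_t op = c[i++];
    imm = has66 ? 2 : 4;                                          /* 0x66 shrinks imm32 to imm16 */
    if (op == 0x0F) {                                             /* two-byte opcodes, small subset */
        if (i >= n) return 0;
        uint8_t op2 = c[i++];
        if ((op2 & 0xF0) == 0x80) return DONE(i + 4);             /* jcc rel32 */
        if (op2 == 0x1F || op2 == 0xAF || (op2 & 0xF6) == 0xB6)   /* nop r/m, imul, movzx/movsx */
            return (m = modrm_len(c + i, n - i)) ? i + m : 0;
        return 0;
    }
    if (op < 0x40 && (op & 7) < 6)                                /* add/or/adc/sbb/and/sub/xor/cmp */
        return (op & 7) < 4 ? ((m = modrm_len(c + i, n - i)) ? i + m : 0) : DONE((op & 7) == 4 ? i + 1 : i + imm);
    if ((op & 0xF0) == 0x50 || op == 0x90 || op == 0xC3 || op == 0xC9 || op == 0xCC) return i;
    if ((op & 0xF0) == 0x70 || op == 0xEB || op == 0x6A || op == 0xCD) return DONE(i + 1); /* rel8, imm8 */
    if (op == 0xE8 || op == 0xE9) return DONE(i + 4);             /* call/jmp rel32 */
    if (op == 0x68) return DONE(i + imm);                         /* push imm */
    if ((op & 0xF8) == 0xB8) return DONE(i + (rexw ? 8 : imm));   /* mov reg, imm; imm64 under REX.W */
    if ((op >= 0x84 && op <= 0x8B) || op == 0x8D || op == 0xFF || op == 0x80 ||
        op == 0x81 || op == 0x83 || op == 0xC6 || op == 0xC7) {   /* ModRM forms, some with an immediate */
        if (!(m = modrm_len(c + i, n - i))) return 0;
        if (op == 0x80 || op == 0x83 || op == 0xC6) return DONE(i + m + 1);
        return (op == 0x81 || op == 0xC7) ? DONE(i + m + imm) : i + m;
    }
    return 0;                                                     /* outside the handled subset */
}
```

Passing the true remaining buffer size as n matters: a decoder that reads past the end of the mapped code is itself a memory-safety bug, which is why every length is checked against n before it is returned.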

Source: https://habr.com/ru/post/1268298/
