1 #ifndef CAPSTONE_ENGINE_H 2 #define CAPSTONE_ENGINE_H 3 4 /* Capstone Disassembly Engine */ 5 /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2013-2016 */ 6 7 #ifdef __cplusplus 8 extern "C" { 9 #endif 10 11 #if !defined(_MSC_VER) || !defined(_KERNEL_MODE) 12 #include <stdint.h> 13 #endif 14 15 #include <stdarg.h> 16 17 #if defined(CAPSTONE_HAS_OSXKERNEL) 18 #include <libkern/libkern.h> 19 #else 20 #include <stdlib.h> 21 #include <stdio.h> 22 #endif 23 24 #include "platform.h" 25 26 #ifdef _MSC_VER 27 #pragma warning(disable:4201) 28 #pragma warning(disable:4100) 29 #define CAPSTONE_API __cdecl 30 #ifdef CAPSTONE_SHARED 31 #define CAPSTONE_EXPORT __declspec(dllexport) 32 #else // defined(CAPSTONE_STATIC) 33 #define CAPSTONE_EXPORT 34 #endif 35 #else 36 #define CAPSTONE_API 37 #if defined(__GNUC__) && !defined(CAPSTONE_STATIC) 38 #define CAPSTONE_EXPORT __attribute__((visibility("default"))) 39 #else // defined(CAPSTONE_STATIC) 40 #define CAPSTONE_EXPORT 41 #endif 42 #endif 43 44 #ifdef __GNUC__ 45 #define CAPSTONE_DEPRECATED __attribute__((deprecated)) 46 #elif defined(_MSC_VER) 47 #define CAPSTONE_DEPRECATED __declspec(deprecated) 48 #else 49 #pragma message("WARNING: You need to implement CAPSTONE_DEPRECATED for this compiler") 50 #define CAPSTONE_DEPRECATED 51 #endif 52 53 // Capstone API version 54 #define CS_API_MAJOR 3 55 #define CS_API_MINOR 0 56 57 // Capstone package version 58 #define CS_VERSION_MAJOR CS_API_MAJOR 59 #define CS_VERSION_MINOR CS_API_MINOR 60 #define CS_VERSION_EXTRA 5 61 62 // Macro to create combined version which can be compared to 63 // result of cs_version() API. 64 #define CS_MAKE_VERSION(major, minor) ((major << 8) + minor) 65 66 // Handle using with all API 67 typedef size_t csh; 68 69 // Architecture type 70 typedef enum cs_arch { 71 CS_ARCH_ARM = 0, // ARM architecture (including Thumb, Thumb-2) 72 CS_ARCH_ARM64, // ARM-64, also called AArch64 73 CS_ARCH_MIPS, // Mips architecture 74 CS_ARCH_X86, // X86 architecture (including x86 & x86-64) 75 CS_ARCH_PPC, // PowerPC architecture 76 CS_ARCH_SPARC, // Sparc architecture 77 CS_ARCH_SYSZ, // SystemZ architecture 78 CS_ARCH_XCORE, // XCore architecture 79 CS_ARCH_MAX, 80 CS_ARCH_ALL = 0xFFFF, // All architectures - for cs_support() 81 } cs_arch; 82 83 // Support value to verify diet mode of the engine. 84 // If cs_support(CS_SUPPORT_DIET) return True, the engine was compiled 85 // in diet mode. 86 #define CS_SUPPORT_DIET (CS_ARCH_ALL + 1) 87 88 // Support value to verify X86 reduce mode of the engine. 89 // If cs_support(CS_SUPPORT_X86_REDUCE) return True, the engine was compiled 90 // in X86 reduce mode. 91 #define CS_SUPPORT_X86_REDUCE (CS_ARCH_ALL + 2) 92 93 // Mode type 94 typedef enum cs_mode { 95 CS_MODE_LITTLE_ENDIAN = 0, // little-endian mode (default mode) 96 CS_MODE_ARM = 0, // 32-bit ARM 97 CS_MODE_16 = 1 << 1, // 16-bit mode (X86) 98 CS_MODE_32 = 1 << 2, // 32-bit mode (X86) 99 CS_MODE_64 = 1 << 3, // 64-bit mode (X86, PPC) 100 CS_MODE_THUMB = 1 << 4, // ARM's Thumb mode, including Thumb-2 101 CS_MODE_MCLASS = 1 << 5, // ARM's Cortex-M series 102 CS_MODE_V8 = 1 << 6, // ARMv8 A32 encodings for ARM 103 CS_MODE_MICRO = 1 << 4, // MicroMips mode (MIPS) 104 CS_MODE_MIPS3 = 1 << 5, // Mips III ISA 105 CS_MODE_MIPS32R6 = 1 << 6, // Mips32r6 ISA 106 CS_MODE_MIPSGP64 = 1 << 7, // General Purpose Registers are 64-bit wide (MIPS) 107 CS_MODE_V9 = 1 << 4, // SparcV9 mode (Sparc) 108 CS_MODE_BIG_ENDIAN = 1 << 31, // big-endian mode 109 CS_MODE_MIPS32 = CS_MODE_32, // Mips32 ISA (Mips) 110 CS_MODE_MIPS64 = CS_MODE_64, // Mips64 ISA (Mips) 111 } cs_mode; 112 113 typedef void* (CAPSTONE_API *cs_malloc_t)(size_t size); 114 typedef void* (CAPSTONE_API *cs_calloc_t)(size_t nmemb, size_t size); 115 typedef void* (CAPSTONE_API *cs_realloc_t)(void *ptr, size_t size); 116 typedef void (CAPSTONE_API *cs_free_t)(void *ptr); 117 typedef int (CAPSTONE_API *cs_vsnprintf_t)(char *str, size_t size, const char *format, va_list ap); 118 119 120 // User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() 121 // By default, Capstone uses system's malloc(), calloc(), realloc(), free() & vsnprintf(). 122 typedef struct cs_opt_mem { 123 cs_malloc_t malloc; 124 cs_calloc_t calloc; 125 cs_realloc_t realloc; 126 cs_free_t free; 127 cs_vsnprintf_t vsnprintf; 128 } cs_opt_mem; 129 130 // Runtime option for the disassembled engine 131 typedef enum cs_opt_type { 132 CS_OPT_INVALID = 0, // No option specified 133 CS_OPT_SYNTAX, // Assembly output syntax 134 CS_OPT_DETAIL, // Break down instruction structure into details 135 CS_OPT_MODE, // Change engine's mode at run-time 136 CS_OPT_MEM, // User-defined dynamic memory related functions 137 CS_OPT_SKIPDATA, // Skip data when disassembling. Then engine is in SKIPDATA mode. 138 CS_OPT_SKIPDATA_SETUP, // Setup user-defined function for SKIPDATA option 139 } cs_opt_type; 140 141 // Runtime option value (associated with option type above) 142 typedef enum cs_opt_value { 143 CS_OPT_OFF = 0, // Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA. 144 CS_OPT_ON = 3, // Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). 145 CS_OPT_SYNTAX_DEFAULT = 0, // Default asm syntax (CS_OPT_SYNTAX). 146 CS_OPT_SYNTAX_INTEL, // X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). 147 CS_OPT_SYNTAX_ATT, // X86 ATT asm syntax (CS_OPT_SYNTAX). 148 CS_OPT_SYNTAX_NOREGNAME, // Prints register name with only number (CS_OPT_SYNTAX) 149 } cs_opt_value; 150 151 //> Common instruction operand types - to be consistent across all architectures. 152 typedef enum cs_op_type { 153 CS_OP_INVALID = 0, // uninitialized/invalid operand. 154 CS_OP_REG, // Register operand. 155 CS_OP_IMM, // Immediate operand. 156 CS_OP_MEM, // Memory operand. 157 CS_OP_FP, // Floating-Point operand. 158 } cs_op_type; 159 160 //> Common instruction groups - to be consistent across all architectures. 161 typedef enum cs_group_type { 162 CS_GRP_INVALID = 0, // uninitialized/invalid group. 163 CS_GRP_JUMP, // all jump instructions (conditional+direct+indirect jumps) 164 CS_GRP_CALL, // all call instructions 165 CS_GRP_RET, // all return instructions 166 CS_GRP_INT, // all interrupt instructions (int+syscall) 167 CS_GRP_IRET, // all interrupt return instructions 168 } cs_group_type; 169 170 /* 171 User-defined callback function for SKIPDATA option. 172 See tests/test_skipdata.c for sample code demonstrating this API. 173 174 @code: the input buffer containing code to be disassembled. 175 This is the same buffer passed to cs_disasm(). 176 @code_size: size (in bytes) of the above @code buffer. 177 @offset: the position of the currently-examining byte in the input 178 buffer @code mentioned above. 179 @user_data: user-data passed to cs_option() via @user_data field in 180 cs_opt_skipdata struct below. 181 182 @return: return number of bytes to skip, or 0 to immediately stop disassembling. 183 */ 184 typedef size_t (CAPSTONE_API *cs_skipdata_cb_t)(const uint8_t *code, size_t code_size, size_t offset, void *user_data); 185 186 // User-customized setup for SKIPDATA option 187 typedef struct cs_opt_skipdata { 188 // Capstone considers data to skip as special "instructions". 189 // User can specify the string for this instruction's "mnemonic" here. 190 // By default (if @mnemonic is NULL), Capstone use ".byte". 191 const char *mnemonic; 192 193 // User-defined callback function to be called when Capstone hits data. 194 // If the returned value from this callback is positive (>0), Capstone 195 // will skip exactly that number of bytes & continue. Otherwise, if 196 // the callback returns 0, Capstone stops disassembling and returns 197 // immediately from cs_disasm() 198 // NOTE: if this callback pointer is NULL, Capstone would skip a number 199 // of bytes depending on architectures, as following: 200 // Arm: 2 bytes (Thumb mode) or 4 bytes. 201 // Arm64: 4 bytes. 202 // Mips: 4 bytes. 203 // PowerPC: 4 bytes. 204 // Sparc: 4 bytes. 205 // SystemZ: 2 bytes. 206 // X86: 1 bytes. 207 // XCore: 2 bytes. 208 cs_skipdata_cb_t callback; // default value is NULL 209 210 // User-defined data to be passed to @callback function pointer. 211 void *user_data; 212 } cs_opt_skipdata; 213 214 215 #include "arm.h" 216 #include "arm64.h" 217 #include "mips.h" 218 #include "ppc.h" 219 #include "sparc.h" 220 #include "systemz.h" 221 #include "x86.h" 222 #include "xcore.h" 223 224 // NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON 225 typedef struct cs_detail { 226 uint8_t regs_read[12]; // list of implicit registers read by this insn 227 uint8_t regs_read_count; // number of implicit registers read by this insn 228 229 uint8_t regs_write[20]; // list of implicit registers modified by this insn 230 uint8_t regs_write_count; // number of implicit registers modified by this insn 231 232 uint8_t groups[8]; // list of group this instruction belong to 233 uint8_t groups_count; // number of groups this insn belongs to 234 235 // Architecture-specific instruction info 236 union { 237 cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 238 cs_arm64 arm64; // ARM64 architecture (aka AArch64) 239 cs_arm arm; // ARM architecture (including Thumb/Thumb2) 240 cs_mips mips; // MIPS architecture 241 cs_ppc ppc; // PowerPC architecture 242 cs_sparc sparc; // Sparc architecture 243 cs_sysz sysz; // SystemZ architecture 244 cs_xcore xcore; // XCore architecture 245 }; 246 } cs_detail; 247 248 // Detail information of disassembled instruction 249 typedef struct cs_insn { 250 // Instruction ID (basically a numeric ID for the instruction mnemonic) 251 // Find the instruction id in the '[ARCH]_insn' enum in the header file 252 // of corresponding architecture, such as 'arm_insn' in arm.h for ARM, 253 // 'x86_insn' in x86.h for X86, etc... 254 // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 255 // NOTE: in Skipdata mode, "data" instruction has 0 for this id field. 256 unsigned int id; 257 258 // Address (EIP) of this instruction 259 // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 260 uint64_t address; 261 262 // Size of this instruction 263 // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 264 uint16_t size; 265 // Machine bytes of this instruction, with number of bytes indicated by @size above 266 // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 267 uint8_t bytes[16]; 268 269 // Ascii text of instruction mnemonic 270 // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 271 char mnemonic[32]; 272 273 // Ascii text of instruction operands 274 // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 275 char op_str[160]; 276 277 // Pointer to cs_detail. 278 // NOTE: detail pointer is only valid when both requirements below are met: 279 // (1) CS_OP_DETAIL = CS_OPT_ON 280 // (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) 281 // 282 // NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer 283 // is not NULL, its content is still irrelevant. 284 cs_detail *detail; 285 } cs_insn; 286 287 288 // Calculate the offset of a disassembled instruction in its buffer, given its position 289 // in its array of disassembled insn 290 // NOTE: this macro works with position (>=1), not index 291 #define CS_INSN_OFFSET(insns, post) (insns[post - 1].address - insns[0].address) 292 293 294 // All type of errors encountered by Capstone API. 295 // These are values returned by cs_errno() 296 typedef enum cs_err { 297 CS_ERR_OK = 0, // No error: everything was fine 298 CS_ERR_MEM, // Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() 299 CS_ERR_ARCH, // Unsupported architecture: cs_open() 300 CS_ERR_HANDLE, // Invalid handle: cs_op_count(), cs_op_index() 301 CS_ERR_CSH, // Invalid csh argument: cs_close(), cs_errno(), cs_option() 302 CS_ERR_MODE, // Invalid/unsupported mode: cs_open() 303 CS_ERR_OPTION, // Invalid/unsupported option: cs_option() 304 CS_ERR_DETAIL, // Information is unavailable because detail option is OFF 305 CS_ERR_MEMSETUP, // Dynamic memory management uninitialized (see CS_OPT_MEM) 306 CS_ERR_VERSION, // Unsupported version (bindings) 307 CS_ERR_DIET, // Access irrelevant data in "diet" engine 308 CS_ERR_SKIPDATA, // Access irrelevant data for "data" instruction in SKIPDATA mode 309 CS_ERR_X86_ATT, // X86 AT&T syntax is unsupported (opt-out at compile time) 310 CS_ERR_X86_INTEL, // X86 Intel syntax is unsupported (opt-out at compile time) 311 } cs_err; 312 313 /* 314 Return combined API version & major and minor version numbers. 315 316 @major: major number of API version 317 @minor: minor number of API version 318 319 @return hexical number as (major << 8 | minor), which encodes both 320 major & minor versions. 321 NOTE: This returned value can be compared with version number made 322 with macro CS_MAKE_VERSION 323 324 For example, second API version would return 1 in @major, and 1 in @minor 325 The return value would be 0x0101 326 327 NOTE: if you only care about returned value, but not major and minor values, 328 set both @major & @minor arguments to NULL. 329 */ 330 CAPSTONE_EXPORT 331 unsigned int CAPSTONE_API cs_version(int *major, int *minor); 332 333 334 /* 335 This API can be used to either ask for archs supported by this library, 336 or check to see if the library was compile with 'diet' option (or called 337 in 'diet' mode). 338 339 To check if a particular arch is supported by this library, set @query to 340 arch mode (CS_ARCH_* value). 341 To verify if this library supports all the archs, use CS_ARCH_ALL. 342 343 To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. 344 345 @return True if this library supports the given arch, or in 'diet' mode. 346 */ 347 CAPSTONE_EXPORT 348 bool CAPSTONE_API cs_support(int query); 349 350 /* 351 Initialize CS handle: this must be done before any usage of CS. 352 353 @arch: architecture type (CS_ARCH_*) 354 @mode: hardware mode. This is combined of CS_MODE_* 355 @handle: pointer to handle, which will be updated at return time 356 357 @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 358 for detailed error). 359 */ 360 CAPSTONE_EXPORT 361 cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh *handle); 362 363 /* 364 Close CS handle: MUST do to release the handle when it is not used anymore. 365 NOTE: this must be only called when there is no longer usage of Capstone, 366 not even access to cs_insn array. The reason is the this API releases some 367 cached memory, thus access to any Capstone API after cs_close() might crash 368 your application. 369 370 In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). 371 372 @handle: pointer to a handle returned by cs_open() 373 374 @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 375 for detailed error). 376 */ 377 CAPSTONE_EXPORT 378 cs_err CAPSTONE_API cs_close(csh *handle); 379 380 /* 381 Set option for disassembling engine at runtime 382 383 @handle: handle returned by cs_open() 384 @type: type of option to be set 385 @value: option value corresponding with @type 386 387 @return: CS_ERR_OK on success, or other value on failure. 388 Refer to cs_err enum for detailed error. 389 390 NOTE: in the case of CS_OPT_MEM, handle's value can be anything, 391 so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called 392 even before cs_open() 393 */ 394 CAPSTONE_EXPORT 395 cs_err CAPSTONE_API cs_option(csh handle, cs_opt_type type, size_t value); 396 397 /* 398 Report the last error number when some API function fail. 399 Like glibc's errno, cs_errno might not retain its old value once accessed. 400 401 @handle: handle returned by cs_open() 402 403 @return: error code of cs_err enum type (CS_ERR_*, see above) 404 */ 405 CAPSTONE_EXPORT 406 cs_err CAPSTONE_API cs_errno(csh handle); 407 408 409 /* 410 Return a string describing given error code. 411 412 @code: error code (see CS_ERR_* above) 413 414 @return: returns a pointer to a string that describes the error code 415 passed in the argument @code 416 */ 417 CAPSTONE_EXPORT 418 const char * CAPSTONE_API cs_strerror(cs_err code); 419 420 /* 421 Disassemble binary code, given the code buffer, size, address and number 422 of instructions to be decoded. 423 This API dynamically allocate memory to contain disassembled instruction. 424 Resulted instructions will be put into @*insn 425 426 NOTE 1: this API will automatically determine memory needed to contain 427 output disassembled instructions in @insn. 428 429 NOTE 2: caller must free the allocated memory itself to avoid memory leaking. 430 431 NOTE 3: for system with scarce memory to be dynamically allocated such as 432 OS kernel or firmware, the API cs_disasm_iter() might be a better choice than 433 cs_disasm(). The reason is that with cs_disasm(), based on limited available 434 memory, we have to calculate in advance how many instructions to be disassembled, 435 which complicates things. This is especially troublesome for the case @count=0, 436 when cs_disasm() runs uncontrollably (until either end of input buffer, or 437 when it encounters an invalid instruction). 438 439 @handle: handle returned by cs_open() 440 @code: buffer containing raw binary code to be disassembled. 441 @code_size: size of the above code buffer. 442 @address: address of the first instruction in given raw code buffer. 443 @insn: array of instructions filled in by this API. 444 NOTE: @insn will be allocated by this function, and should be freed 445 with cs_free() API. 446 @count: number of instructions to be disassembled, or 0 to get all of them 447 448 @return: the number of successfully disassembled instructions, 449 or 0 if this function failed to disassemble the given code 450 451 On failure, call cs_errno() for error code. 452 */ 453 CAPSTONE_EXPORT 454 size_t CAPSTONE_API cs_disasm(csh handle, 455 const uint8_t *code, size_t code_size, 456 uint64_t address, 457 size_t count, 458 cs_insn **insn); 459 460 /* 461 Deprecated function - to be retired in the next version! 462 Use cs_disasm() instead of cs_disasm_ex() 463 */ 464 CAPSTONE_EXPORT 465 CAPSTONE_DEPRECATED 466 size_t CAPSTONE_API cs_disasm_ex(csh handle, 467 const uint8_t *code, size_t code_size, 468 uint64_t address, 469 size_t count, 470 cs_insn **insn); 471 472 /* 473 Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) 474 475 @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() 476 @count: number of cs_insn structures returned by cs_disasm(), or 1 477 to free memory allocated by cs_malloc(). 478 */ 479 CAPSTONE_EXPORT 480 void CAPSTONE_API cs_free(cs_insn *insn, size_t count); 481 482 483 /* 484 Allocate memory for 1 instruction to be used by cs_disasm_iter(). 485 486 @handle: handle returned by cs_open() 487 488 NOTE: when no longer in use, you can reclaim the memory allocated for 489 this instruction with cs_free(insn, 1) 490 */ 491 CAPSTONE_EXPORT 492 cs_insn * CAPSTONE_API cs_malloc(csh handle); 493 494 /* 495 Fast API to disassemble binary code, given the code buffer, size, address 496 and number of instructions to be decoded. 497 This API put the resulted instruction into a given cache in @insn. 498 See tests/test_iter.c for sample code demonstrating this API. 499 500 NOTE 1: this API will update @code, @size & @address to point to the next 501 instruction in the input buffer. Therefore, it is convenient to use 502 cs_disasm_iter() inside a loop to quickly iterate all the instructions. 503 While decoding one instruction at a time can also be achieved with 504 cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% 505 faster on random input. 506 507 NOTE 2: the cache in @insn can be created with cs_malloc() API. 508 509 NOTE 3: for system with scarce memory to be dynamically allocated such as 510 OS kernel or firmware, this API is recommended over cs_disasm(), which 511 allocates memory based on the number of instructions to be disassembled. 512 The reason is that with cs_disasm(), based on limited available memory, 513 we have to calculate in advance how many instructions to be disassembled, 514 which complicates things. This is especially troublesome for the case 515 @count=0, when cs_disasm() runs uncontrollably (until either end of input 516 buffer, or when it encounters an invalid instruction). 517 518 @handle: handle returned by cs_open() 519 @code: buffer containing raw binary code to be disassembled 520 @size: size of above code 521 @address: address of the first insn in given raw code buffer 522 @insn: pointer to instruction to be filled in by this API. 523 524 @return: true if this API successfully decode 1 instruction, 525 or false otherwise. 526 527 On failure, call cs_errno() for error code. 528 */ 529 CAPSTONE_EXPORT 530 bool CAPSTONE_API cs_disasm_iter(csh handle, 531 const uint8_t **code, size_t *size, 532 uint64_t *address, cs_insn *insn); 533 534 /* 535 Return friendly name of register in a string. 536 Find the instruction id from header file of corresponding architecture (arm.h for ARM, 537 x86.h for X86, ...) 538 539 WARN: when in 'diet' mode, this API is irrelevant because engine does not 540 store register name. 541 542 @handle: handle returned by cs_open() 543 @reg_id: register id 544 545 @return: string name of the register, or NULL if @reg_id is invalid. 546 */ 547 CAPSTONE_EXPORT 548 const char * CAPSTONE_API cs_reg_name(csh handle, unsigned int reg_id); 549 550 /* 551 Return friendly name of an instruction in a string. 552 Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 553 554 WARN: when in 'diet' mode, this API is irrelevant because the engine does not 555 store instruction name. 556 557 @handle: handle returned by cs_open() 558 @insn_id: instruction id 559 560 @return: string name of the instruction, or NULL if @insn_id is invalid. 561 */ 562 CAPSTONE_EXPORT 563 const char * CAPSTONE_API cs_insn_name(csh handle, unsigned int insn_id); 564 565 /* 566 Return friendly name of a group id (that an instruction can belong to) 567 Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 568 569 WARN: when in 'diet' mode, this API is irrelevant because the engine does not 570 store group name. 571 572 @handle: handle returned by cs_open() 573 @group_id: group id 574 575 @return: string name of the group, or NULL if @group_id is invalid. 576 */ 577 CAPSTONE_EXPORT 578 const char * CAPSTONE_API cs_group_name(csh handle, unsigned int group_id); 579 580 /* 581 Check if a disassembled instruction belong to a particular group. 582 Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 583 Internally, this simply verifies if @group_id matches any member of insn->groups array. 584 585 NOTE: this API is only valid when detail option is ON (which is OFF by default). 586 587 WARN: when in 'diet' mode, this API is irrelevant because the engine does not 588 update @groups array. 589 590 @handle: handle returned by cs_open() 591 @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 592 @group_id: group that you want to check if this instruction belong to. 593 594 @return: true if this instruction indeed belongs to aboved group, or false otherwise. 595 */ 596 CAPSTONE_EXPORT 597 bool CAPSTONE_API cs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id); 598 599 /* 600 Check if a disassembled instruction IMPLICITLY used a particular register. 601 Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 602 Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. 603 604 NOTE: this API is only valid when detail option is ON (which is OFF by default) 605 606 WARN: when in 'diet' mode, this API is irrelevant because the engine does not 607 update @regs_read array. 608 609 @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 610 @reg_id: register that you want to check if this instruction used it. 611 612 @return: true if this instruction indeed implicitly used aboved register, or false otherwise. 613 */ 614 CAPSTONE_EXPORT 615 bool CAPSTONE_API cs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id); 616 617 /* 618 Check if a disassembled instruction IMPLICITLY modified a particular register. 619 Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 620 Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. 621 622 NOTE: this API is only valid when detail option is ON (which is OFF by default) 623 624 WARN: when in 'diet' mode, this API is irrelevant because the engine does not 625 update @regs_write array. 626 627 @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 628 @reg_id: register that you want to check if this instruction modified it. 629 630 @return: true if this instruction indeed implicitly modified aboved register, or false otherwise. 631 */ 632 CAPSTONE_EXPORT 633 bool CAPSTONE_API cs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id); 634 635 /* 636 Count the number of operands of a given type. 637 Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 638 639 NOTE: this API is only valid when detail option is ON (which is OFF by default) 640 641 @handle: handle returned by cs_open() 642 @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 643 @op_type: Operand type to be found. 644 645 @return: number of operands of given type @op_type in instruction @insn, 646 or -1 on failure. 647 */ 648 CAPSTONE_EXPORT 649 int CAPSTONE_API cs_op_count(csh handle, const cs_insn *insn, unsigned int op_type); 650 651 /* 652 Retrieve the position of operand of given type in <arch>.operands[] array. 653 Later, the operand can be accessed using the returned position. 654 Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 655 656 NOTE: this API is only valid when detail option is ON (which is OFF by default) 657 658 @handle: handle returned by cs_open() 659 @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 660 @op_type: Operand type to be found. 661 @position: position of the operand to be found. This must be in the range 662 [1, cs_op_count(handle, insn, op_type)] 663 664 @return: index of operand of given type @op_type in <arch>.operands[] array 665 in instruction @insn, or -1 on failure. 666 */ 667 CAPSTONE_EXPORT 668 int CAPSTONE_API cs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, 669 unsigned int position); 670 671 #ifdef __cplusplus 672 } 673 #endif 674 675 #endif 676