Zydis

TimoVJL · October 03, 2017, 07:14:12 PM

Another disassembler engine:
Zyan Disassembler Engine (Zydis)

Code size about 300 kb.

EDIT: PEObjDisAsm, an example for an object file asm dump.

EDIT 2017-10-25: PEObjDisAsm_WS_a3.zip with modified line lengths src\Generated\DecoderTables.inc.
additional files FormatHelperMasm.c FormatterMasm.c

EDIT 2017-11-22: PEObjDisAsm_WS_a7.zip code bytes and funtion names.
EDIT 2018-02-14: PEObjDisAsm_WS_a8.zip some fixes for symbols.

Jokaste · October 04, 2017, 01:50:38 AM

Very interesting. I download it immediatly.

TimoVJL · October 25, 2017, 12:20:37 PM

A tool to modify line lengths of src\Generated\DecoderTables.inc.
In C source file line length limit is 4096, at least in pocc.

Jokaste · October 25, 2017, 01:57:29 PM

For me that's good
Having a simple listing is nice for me
I would like to have an other with the addresses for seeing aligment
And an other that indicates if the source/destination operand(s) is/are register or memory operand.
That for later giving a name to the address.
I me problems with 2 files, I join into the zip the obj and the source file.
Good work... continue.

Vortex · October 26, 2017, 10:26:39 PM

Hi Timo,

Once again, impressive work. Let me study your project.

Jokaste · November 21, 2017, 08:56:27 PM

Is this project finished?

TimoVJL · November 21, 2017, 09:14:50 PM

Is something missing from that example?

Jokaste · November 21, 2017, 11:05:43 PM

Data segments and Resources.
Or a dump of the datas.
It there was an option for getting bytes code this would be great.
I made a program to optimize source code from podump, strages addresses computed, no possibility to know datas aligment.
PoDump gives the byes code and the source code the two were precious.
With your program i like taht you give the window's functions.
Knowing it we can built (or suppose) the function arguments.
With that we can identify the datas.

TimoVJL · November 22, 2017, 09:03:08 AM

Last version prints code bytes.

EDIT: 2018-02-13: Updated example using Zydis.dll.

Jokaste · November 23, 2017, 10:57:33 AM

TimoVJL · March 15, 2019, 06:53:50 PM

Zydis 3 testing.

bitcoin · September 05, 2020, 02:14:04 PM

Sample test_zydis1.zip not working.
I need to download zydis from github? Or what?

TimoVJL · September 05, 2020, 02:31:54 PM

You need a proper Zydis dll too.
https://forum.pellesc.de/index.php?topic=7206.msg29081#msg29081

Busy right now, but if it doesn't work, just tell me.

bitcoin · September 05, 2020, 03:18:00 PM

This sample (with DLL ) works. but I delete msvcrt_main.c, because if fails in "#pragma comment(lib, "msvcrt.lib")" (not found).
Works good without this.

TimoVJL · September 05, 2020, 03:27:25 PM

msvcrt.lib isn't included in Pelles C, have to find one

News:

Zydis

Jokaste

Jokaste

Jokaste

Jokaste

Jokaste