https://github.com/mahdisafsafi/univdisasm
x86 Disassembler and Analyzer
https://github.com/mahdisafsafi/univdisasm
avx512 delphi disassembler x86-64
Last synced: 3 months ago
JSON representation
x86 Disassembler and Analyzer
- Host: GitHub
- URL: https://github.com/mahdisafsafi/univdisasm
- Owner: MahdiSafsafi
- License: mpl-2.0
- Created: 2015-08-20T16:12:33.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2019-01-20T21:27:22.000Z (almost 7 years ago)
- Last Synced: 2025-03-09T21:53:35.658Z (10 months ago)
- Topics: avx512, delphi, disassembler, x86-64
- Language: Pascal
- Size: 6.37 MB
- Stars: 98
- Watchers: 15
- Forks: 36
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# UnivDisasm
**UnivDisasm** is a powerful x86 disassembler and opcodes analyzer library for x86 architectures.
# Disassembler
**Features**:
- Support **x86** and **x86-64** architectures.
- Support **Intel** and **AMD** instructions.
- Support mostly all instructions found in Intel and AMD documentations, including:
* FPU,MMX;
* SSE,SSE2,SSE3,SSSE3,SSE4.1,SSE4.2,SSE5;
* 3DNOW;
* AES, MPX, F16C, TSX, VME, BMI, BMI2 …
* FMA,FMA4;
* AVX,AVX2;
* AVX512F, AVX512BW, AVX512CD, AVX512DQ, AVX512ER, AVX512PF, AVX512VBMI, AVX512IFMA.
- Support **REX, DREX, VEX, EVEX** and **XOP** instructions encoding.
- EFlags/RFlags: UnivDisasm can recognize instructions that may *affect*, *modify* or *reset* EFlags/RFlags register.
- Instructions are grouped into two order: instructions groups and instructions categories.
- Each instruction has its own identifier make it easy to find and match decoded instructions.
- Detect instruction's table.
- Branch instructions: UnivDisasm recognize branch and calculate the destination address, make it easy for you to follow branch instructions.
- Support **VSIB** memory addressing.
- Support **Intel enhancement syntax**:
- Masking.
- Zeroing.
- Rounding.
- Broadcasting.
- Support the compressed displacement **disp8*N**.
- Reconize pseudo-ops instructions such as CMPPS.
- Built-in analyzer to recognize warnings and errors.
- Safe: UnivDisasm was designed to be safe, that’s mean it’s safe for multi threads (**thread safe**).And provides built-in mechanisms for errors and safe bytes reading.
- Faster: Due to its coding architecture, UnivDisasm is considered to be faster to decode instructions.
- Customized: UnivDisasm has an open architecture allowing for easy to extend for others syntax. You can have your own assembler syntax with less code writing!
**Examples**
The left side is the instructions opcodes and the right side is the full instructions str decoded by UnivDisasm.
```
[$48,$8B,$04,$55,$56,$34,$12,$00] : # mov rax,qword [rdx*2+0x00123456]
[$48,$69,$C1,$05,$00,$00,$00] : # imul rax,rcx,00000005
[$FF,$35,$23,$01,$00,$00 ] : # push qword [rip 0x00000123]
[$D8,$C7 ] : # fadd st(0),st(7)
[$DC,$EF ] : # fsub st(7),st(0)
[$62,$01,$95,$C7,$58,$F4 ] : # vaddpd zmm30{k7}{z},zmm29,zmm28
[$62,$01,$95,$10,$58,$F4 ] : # vaddpd zmm30,zmm29,zmm28,{rn-sae}
[$62,$01,$95,$70,$58,$F4 ] : # vaddpd zmm30,zmm29,zmm28,{rz-sae}
[$62,$91,$0C,$47,$C2,$ED,$19 ] : # vcmpnge_uqps k5{k7},zmm30,zmm29
[$62,$03,$15,$00,$21,$F4,$AB ] : # vinsertps xmm30,xmm29,xmm28,0xab
[$62,$63,$15,$50,$03,$72,$7F,$7B ] : # valignd zmm30,zmm29,dword disp8[rdx+0x1fc]{1to16},0x7b
[$62,$62,$95,$50,$65,$72,$80 ] : # vblendmpd zmm30,zmm29,qword disp8[rdx-0x400]{1to8}
[$62,$02,$FD,$41,$92,$74,$39,$20 ] : # vgatherdpd zmm30{k1},qword disp8[r9+ymm31*1+0x100]
[$62,$63,$95,$47,$3A,$B2,$E0,$EF,$FF,$FF,$7B] : # vinserti64x4 zmm30{k7},zmm29,yword [rdx-0x1020],0x7b
[$62,$63,$15,$50,$03,$B2,$00,$02,$00,$00,$7B] : # valignd zmm30,zmm29,dword [rdx+0x200]{1to16},0x7b
[$62,$02,$FD,$41,$92,$B4,$FE,$7B,$00,$00,$00] : # vgatherdpd zmm30{k1},qword [r14+ymm31*8+0x7b]
[$62,$02,$FD,$41,$92,$B4,$FE,$7B,$00,$00,$00] : # vgatherdpd zmm30{k1},qword [r14+ymm31*8+0x7b]
[$62,$22,$FD,$41,$92,$B4,$B9,$00,$04,$00,$00] : # vgatherdpd zmm30{k1},qword [rcx+ymm31*4+0x400]
[$62,$02,$7D,$41,$92,$B4,$FE,$7B,$00,$00,$00] : # vgatherdps zmm30{k1},dword [r14+zmm31*8+0x7b]
[$62,$02,$7D,$41,$92,$B4,$FE,$7B,$00,$00,$00] : # vgatherdps zmm30{k1},dword [r14+zmm31*8+0x7b]
[$62,$B1,$0C,$40,$C2,$AC,$F0,$23,$01,$00,$00,$1A] : # vcmpngt_uqps k5,zmm30,zword [rax+r14*8+0x123]
```
Sample Dump (not all features are included):
```
# [0x62 0x61 0x95 0x40 0x58 0x72 0x7F]
# vaddpd zmm30,zmm29,zword disp8[rdx+0x1fc0]
ins.Prefixes.EVEXPrf.Flags := PF_USED + PF_VALID
ins.Encoding := ENC_EVEX
ins.AddressMode = AM_64
ins.ModRm.Value = 0x72
ins.ModRm.Value.Mod = 1
ins.ModRm.Value.Reg = 6
ins.ModRm.Value.Rm = 2
ins.Disp.Flags = DF_USED + DF_DISP8N
ins.Disp.N = 64
ins.Disp.Value = 0x1FC0
ins.Disp.Size = SIZE_WORD
ins.InstID = INST_ID_VADDPD
ins.Mnem = INST_MNEM_VADDPD
ins.InstGroups = INST_GRP_AVX512F + INST_GRP_VL
ins.nArg = 3
ins.Arg1.Flags = AF_REG
ins.Arg1.Size = SIZE_ZWORD
ins.Arg1.Reg = REG_ZMM30
ins.Arg2.Flags = AF_REG
ins.Arg2.Size = SIZE_ZWORD
ins.Arg2.Reg = REG_ZMM29
ins.Arg3.Flags = AF_MEM
ins.Arg3.Size = SIZE_ZWORD
ins.Arg3.Mem.BaseReg = REG_RDX
...
...
```
# Command line
UnivDisasm has a command line tool to disasm sequence of bytes of opcodes.
***Usage***: ```UnivDisasm [][...]```
- **Options**:
- -h : Display help.
- -v : Vendor = <*Intel,AMD,CENTAUR>.
- -x : Architecture = *32 or 64.
- * means default to this value if not specified.
- **OpCodes**: Sequence of bytes of opcodes.
- Note: If you are using hex format, each byte must be preceded by (**0x** or **$**) prefix.
***Eg***: ```UnivDisasm.exe -v intel -x 32 "0x62 0x02 0x95 0x40 0x65 0xF4"```
# Simple GUI
A simple graphical user interface (GUI) to list UnivDisasm capability.
# Analyzer
UnivDisasm has a powerful analyzer, make it easy to find errors and detect for warnings.
**Features**:
- Detect instructions that may cause crash if executed.
- Detect wrong prefixes combining.
- Detect wrong address memory.
- Detect wrong segment registers.
- Detect for unlockable instructions.
- Detect instructions that doesn’t initialize BND registers.
**Errors recognized by Analyzer**:
```
{ Errors }
ERROR_SUCCESS : No errors detected.
ERROR_INVALID_OPERAND_SIZE : Invalid J size.
ERROR_INVALID_EFFECTIVE_ADDRESS : Invalid memory address => May cause AV.
ERROR_INVALID_ADDRESS_MODE : Invalid Address mode.
ERROR_VL_EXPECTED_UPPER : Vector length size must be YWORD or ZWORD.
ERROR_VL_EXPECTED_LOWER : Vector length size must be OWORD or YWORD.
ERROR_INVALID_SEGMENT : Invalid segment register.
ERROR_INVALID_VEX_ESCAPE : Invalid VEX prefix escape.
ERROR_INVALID_EVEX_ESCAPE : Invalid EVEX prefix escape.
ERROR_INVALID_XOP_ESCAPE : Invalid XOP prefix escape.
ERROR_EXCEEDED_SAFE_LENGTH : Exceeded Safe length.
ERROR_SIB_EXPECTED
ERROR_RELATIVE_ADDRESS_PROHIBITED
ERROR_INVALID_OPCODE
ERROR_INTERNAL : Internal Error
```
**Warnings recognized by Analyzer**:
```
{ Warnings }
WARN_NIL { No warnings }
WARN_INST_NOT_LOCKABLE : Instruction not lockable.
WARN_XAQUIRE_INVALID : Invalid XAQUIRE prefix.
WARN_REPNE_INVALID : Invalid REPNE prefix.
WARN_REP_INVALID : Invalid REP prefix.
WARN_REPE_INVALID : Invalid REPE prefix.
WARN_XRELEASE_INVALID
WARN_SUPERFLUOUS_PREFIX : Prefix found , but not required.
WARN_XAQUIRE_NEED_LOCK : XAQUIRE prefix require LOCK prefix.
WARN_XRELEASE_NEED_LOCK : XRELEASE prefix require LOCK prefix.
WARN_SOURCE_OPERAND_NOT_MEM : Source operand must be memory.
WARN_CS_PREFIX_IGNORED : CS segment override prefix is ignored.
WARN_DS_PREFIX_IGNORED : DS segment override prefix is ignored.
WARN_SS_PREFIX_IGNORED : SS segment override prefix is ignored.
WARN_ES_PREFIX_IGNORED : ES segment override prefix is ignored.
WARN_BND_NO_INIT : Instruction doesn't init bnd regs.
WARN_INDEX_REG_NOT_USED_IN_EAC : Index register is not used in effective address calculation.
```
### Delphinus-Support :
Do you use Delphinus ? You may want to install UnivDisasm from Delphinus.