Pascal language bindings for the Zydis library, a fast and lightweight x86/x86-64 disassembler.
Readme
The Zydis pascal bindings support both dynamic and static linkage. The required binaries for Windows can be acquired in the Releases section.
Dynamic
Extract the Zydis32.dll or Zydis64.dll from the Bin32/Bin64 folder to the directory that contains your application or install the library to your C:\Windows\System32\ (64-bit) / C:\Windows\SysWOW64\ (32-bit) directory
Enable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive (enabled by default) in Zydis.pas
Static
Extract the complete Bin32/Bin64 folder to the root of the pascal bindings directory
Disable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive in Zydis.pas
Example
Output
Readme
The Zydis pascal bindings support both dynamic and static linkage. The required binaries for Windows can be acquired in the Releases section.
Dynamic
Extract the Zydis32.dll or Zydis64.dll from the Bin32/Bin64 folder to the directory that contains your application or install the library to your C:\Windows\System32\ (64-bit) / C:\Windows\SysWOW64\ (32-bit) directory
Enable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive (enabled by default) in Zydis.pas
Static
Extract the complete Bin32/Bin64 folder to the root of the pascal bindings directory
Disable the {$DEFINE ZYDIS_DYNAMIC_LINK} compiler-directive in Zydis.pas
Example
Code:
uses
System.SysUtils,
Zydis,
Zydis.Exception,
Zydis.Decoder,
Zydis.Formatter;
const
X86DATA: array of Byte = [$51, $8D, $45, $FF, $50, $FF, $75, $0C, $FF, $75,
$08, $FF, $15, $A0, $A5, $48, $76, $85, $C0, $0F,
$88, $FC, $DA, $02, $00];
var
Formatter: Zydis.Formatter.TZydisFormatter;
Decoder: Zydis.Decoder.TZydisDecoder;
InstructionPointer: ZydisU64;
Offset: Integer;
Instruction: TZydisDecodedInstruction;
begin
try
if (ZydisGetVersion <> ZYDIS_VERSION) then
begin
raise Exception.Create('Invalid Zydis version');
end;
Formatter := Zydis.Formatter.TZydisFormatter.Create(ZYDIS_FORMATTER_STYLE_INTEL);
try
Formatter.ForceMemorySegments := true;
Formatter.ForceMemorySize := true;
Decoder :=
Zydis.Decoder.TZydisDecoder.Create(ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
try
InstructionPointer := $007FFFFFFF400000;
Offset := 0;
repeat
Decoder.DecodeBuffer(@X86DATA[Offset], Length(X86DATA) - Offset, InstructionPointer,
Instruction);
WriteLn(Format('%.16x %s',
[InstructionPointer, Formatter.FormatInstruction(Instruction)]));
Inc(InstructionPointer, Instruction.Length);
Inc(Offset, Instruction.Length);
until (Offset >= Length(X86DATA));
finally
Decoder.Free;
end;
finally
Formatter.Free;
end;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
end.Output
Code:
007FFFFFFF400000 push rcx
007FFFFFFF400001 lea eax, ss:[rbp-0x01]
007FFFFFFF400004 push rax
007FFFFFFF400005 push qword ptr ss:[rbp+0x0C]
007FFFFFFF400008 push qword ptr ss:[rbp+0x08]
007FFFFFFF40000B call qword ptr ds:[0x008000007588A5B1]
007FFFFFFF400011 test eax, eax
007FFFFFFF400013 js 0x007FFFFFFF42DB15