...

Package x86asm

import "golang.org/x/arch/x86/x86asm"
Overview
Index

Overview ▾

Package x86asm implements decoding of x86 machine code.

Variables

These are the errors returned by Decode.

var (
    ErrInvalidMode  = errors.New("invalid x86 mode in Decode")
    ErrTruncated    = errors.New("truncated instruction")
    ErrUnrecognized = errors.New("unrecognized instruction")
)

func GNUSyntax

func GNUSyntax(inst Inst, pc uint64, symname SymLookup) string

GNUSyntax returns the GNU assembler syntax for the instruction, as defined by GNU binutils. This general form is often called “AT&T syntax” as a reference to AT&T System V Unix.

func GoSyntax

func GoSyntax(inst Inst, pc uint64, symname SymLookup) string

GoSyntax returns the Go assembler syntax for the instruction. The syntax was originally defined by Plan 9. The pc is the program counter of the instruction, used for expanding PC-relative addresses into absolute ones. The symname function queries the symbol table for the program being disassembled. Given a target address it returns the name and base address of the symbol containing the target, if any; otherwise it returns "", 0.

func IntelSyntax

func IntelSyntax(inst Inst, pc uint64, symname SymLookup) string

IntelSyntax returns the Intel assembler syntax for the instruction, as defined by Intel's XED tool.

type Arg

An Arg is a single instruction argument, one of these types: Reg, Mem, Imm, Rel.

type Arg interface {
    String() string
    // contains filtered or unexported methods
}

type Args

An Args holds the instruction arguments. If an instruction has fewer than 4 arguments, the final elements in the array are nil.

type Args [4]Arg

type Imm

An Imm is an integer constant.

type Imm int64

func (Imm) String

func (i Imm) String() string

type Inst

An Inst is a single instruction.

type Inst struct {
    Prefix   Prefixes // Prefixes applied to the instruction.
    Op       Op       // Opcode mnemonic
    Opcode   uint32   // Encoded opcode bits, left aligned (first byte is Opcode>>24, etc)
    Args     Args     // Instruction arguments, in Intel order
    Mode     int      // processor mode in bits: 16, 32, or 64
    AddrSize int      // address size in bits: 16, 32, or 64
    DataSize int      // operand size in bits: 16, 32, or 64
    MemBytes int      // size of memory argument in bytes: 1, 2, 4, 8, 16, and so on.
    Len      int      // length of encoded instruction in bytes
    PCRel    int      // length of PC-relative address in instruction encoding
    PCRelOff int      // index of start of PC-relative address in instruction encoding
}

func Decode

func Decode(src []byte, mode int) (inst Inst, err error)

Decode decodes the leading bytes in src as a single instruction. The mode arguments specifies the assumed processor mode: 16, 32, or 64 for 16-, 32-, and 64-bit execution modes.

func (Inst) String

func (i Inst) String() string

type Mem

A Mem is a memory reference. The general form is Segment:[Base+Scale*Index+Disp].

type Mem struct {
    Segment Reg
    Base    Reg
    Scale   uint8
    Index   Reg
    Disp    int64
}

func (Mem) String

func (m Mem) String() string

type Op

An Op is an x86 opcode.

type Op uint32
const (
    AAA Op
    AAD
    AAM
    AAS
    ADC
    ADD
    ADDPD
    ADDPS
    ADDSD
    ADDSS
    ADDSUBPD
    ADDSUBPS
    AESDEC
    AESDECLAST
    AESENC
    AESENCLAST
    AESIMC
    AESKEYGENASSIST
    AND
    ANDNPD
    ANDNPS
    ANDPD
    ANDPS
    ARPL
    BLENDPD
    BLENDPS
    BLENDVPD
    BLENDVPS
    BOUND
    BSF
    BSR
    BSWAP
    BT
    BTC
    BTR
    BTS
    CALL
    CBW
    CDQ
    CDQE
    CLC
    CLD
    CLFLUSH
    CLI
    CLTS
    CMC
    CMOVA
    CMOVAE
    CMOVB
    CMOVBE
    CMOVE
    CMOVG
    CMOVGE
    CMOVL
    CMOVLE
    CMOVNE
    CMOVNO
    CMOVNP
    CMOVNS
    CMOVO
    CMOVP
    CMOVS
    CMP
    CMPPD
    CMPPS
    CMPSB
    CMPSD
    CMPSD_XMM
    CMPSQ
    CMPSS
    CMPSW
    CMPXCHG
    CMPXCHG16B
    CMPXCHG8B
    COMISD
    COMISS
    CPUID
    CQO
    CRC32
    CVTDQ2PD
    CVTDQ2PS
    CVTPD2DQ
    CVTPD2PI
    CVTPD2PS
    CVTPI2PD
    CVTPI2PS
    CVTPS2DQ
    CVTPS2PD
    CVTPS2PI
    CVTSD2SI
    CVTSD2SS
    CVTSI2SD
    CVTSI2SS
    CVTSS2SD
    CVTSS2SI
    CVTTPD2DQ
    CVTTPD2PI
    CVTTPS2DQ
    CVTTPS2PI
    CVTTSD2SI
    CVTTSS2SI
    CWD
    CWDE
    DAA
    DAS
    DEC
    DIV
    DIVPD
    DIVPS
    DIVSD
    DIVSS
    DPPD
    DPPS
    EMMS
    ENTER
    EXTRACTPS
    F2XM1
    FABS
    FADD
    FADDP
    FBLD
    FBSTP
    FCHS
    FCMOVB
    FCMOVBE
    FCMOVE
    FCMOVNB
    FCMOVNBE
    FCMOVNE
    FCMOVNU
    FCMOVU
    FCOM
    FCOMI
    FCOMIP
    FCOMP
    FCOMPP
    FCOS
    FDECSTP
    FDIV
    FDIVP
    FDIVR
    FDIVRP
    FFREE
    FFREEP
    FIADD
    FICOM
    FICOMP
    FIDIV
    FIDIVR
    FILD
    FIMUL
    FINCSTP
    FIST
    FISTP
    FISTTP
    FISUB
    FISUBR
    FLD
    FLD1
    FLDCW
    FLDENV
    FLDL2E
    FLDL2T
    FLDLG2
    FLDLN2
    FLDPI
    FLDZ
    FMUL
    FMULP
    FNCLEX
    FNINIT
    FNOP
    FNSAVE
    FNSTCW
    FNSTENV
    FNSTSW
    FPATAN
    FPREM
    FPREM1
    FPTAN
    FRNDINT
    FRSTOR
    FSCALE
    FSIN
    FSINCOS
    FSQRT
    FST
    FSTP
    FSUB
    FSUBP
    FSUBR
    FSUBRP
    FTST
    FUCOM
    FUCOMI
    FUCOMIP
    FUCOMP
    FUCOMPP
    FWAIT
    FXAM
    FXCH
    FXRSTOR
    FXRSTOR64
    FXSAVE
    FXSAVE64
    FXTRACT
    FYL2X
    FYL2XP1
    HADDPD
    HADDPS
    HLT
    HSUBPD
    HSUBPS
    ICEBP
    IDIV
    IMUL
    IN
    INC
    INSB
    INSD
    INSERTPS
    INSW
    INT
    INTO
    INVD
    INVLPG
    INVPCID
    IRET
    IRETD
    IRETQ
    JA
    JAE
    JB
    JBE
    JCXZ
    JE
    JECXZ
    JG
    JGE
    JL
    JLE
    JMP
    JNE
    JNO
    JNP
    JNS
    JO
    JP
    JRCXZ
    JS
    LAHF
    LAR
    LCALL
    LDDQU
    LDMXCSR
    LDS
    LEA
    LEAVE
    LES
    LFENCE
    LFS
    LGDT
    LGS
    LIDT
    LJMP
    LLDT
    LMSW
    LODSB
    LODSD
    LODSQ
    LODSW
    LOOP
    LOOPE
    LOOPNE
    LRET
    LSL
    LSS
    LTR
    LZCNT
    MASKMOVDQU
    MASKMOVQ
    MAXPD
    MAXPS
    MAXSD
    MAXSS
    MFENCE
    MINPD
    MINPS
    MINSD
    MINSS
    MONITOR
    MOV
    MOVAPD
    MOVAPS
    MOVBE
    MOVD
    MOVDDUP
    MOVDQ2Q
    MOVDQA
    MOVDQU
    MOVHLPS
    MOVHPD
    MOVHPS
    MOVLHPS
    MOVLPD
    MOVLPS
    MOVMSKPD
    MOVMSKPS
    MOVNTDQ
    MOVNTDQA
    MOVNTI
    MOVNTPD
    MOVNTPS
    MOVNTQ
    MOVNTSD
    MOVNTSS
    MOVQ
    MOVQ2DQ
    MOVSB
    MOVSD
    MOVSD_XMM
    MOVSHDUP
    MOVSLDUP
    MOVSQ
    MOVSS
    MOVSW
    MOVSX
    MOVSXD
    MOVUPD
    MOVUPS
    MOVZX
    MPSADBW
    MUL
    MULPD
    MULPS
    MULSD
    MULSS
    MWAIT
    NEG
    NOP
    NOT
    OR
    ORPD
    ORPS
    OUT
    OUTSB
    OUTSD
    OUTSW
    PABSB
    PABSD
    PABSW
    PACKSSDW
    PACKSSWB
    PACKUSDW
    PACKUSWB
    PADDB
    PADDD
    PADDQ
    PADDSB
    PADDSW
    PADDUSB
    PADDUSW
    PADDW
    PALIGNR
    PAND
    PANDN
    PAUSE
    PAVGB
    PAVGW
    PBLENDVB
    PBLENDW
    PCLMULQDQ
    PCMPEQB
    PCMPEQD
    PCMPEQQ
    PCMPEQW
    PCMPESTRI
    PCMPESTRM
    PCMPGTB
    PCMPGTD
    PCMPGTQ
    PCMPGTW
    PCMPISTRI
    PCMPISTRM
    PEXTRB
    PEXTRD
    PEXTRQ
    PEXTRW
    PHADDD
    PHADDSW
    PHADDW
    PHMINPOSUW
    PHSUBD
    PHSUBSW
    PHSUBW
    PINSRB
    PINSRD
    PINSRQ
    PINSRW
    PMADDUBSW
    PMADDWD
    PMAXSB
    PMAXSD
    PMAXSW
    PMAXUB
    PMAXUD
    PMAXUW
    PMINSB
    PMINSD
    PMINSW
    PMINUB
    PMINUD
    PMINUW
    PMOVMSKB
    PMOVSXBD
    PMOVSXBQ
    PMOVSXBW
    PMOVSXDQ
    PMOVSXWD
    PMOVSXWQ
    PMOVZXBD
    PMOVZXBQ
    PMOVZXBW
    PMOVZXDQ
    PMOVZXWD
    PMOVZXWQ
    PMULDQ
    PMULHRSW
    PMULHUW
    PMULHW
    PMULLD
    PMULLW
    PMULUDQ
    POP
    POPA
    POPAD
    POPCNT
    POPF
    POPFD
    POPFQ
    POR
    PREFETCHNTA
    PREFETCHT0
    PREFETCHT1
    PREFETCHT2
    PREFETCHW
    PSADBW
    PSHUFB
    PSHUFD
    PSHUFHW
    PSHUFLW
    PSHUFW
    PSIGNB
    PSIGND
    PSIGNW
    PSLLD
    PSLLDQ
    PSLLQ
    PSLLW
    PSRAD
    PSRAW
    PSRLD
    PSRLDQ
    PSRLQ
    PSRLW
    PSUBB
    PSUBD
    PSUBQ
    PSUBSB
    PSUBSW
    PSUBUSB
    PSUBUSW
    PSUBW
    PTEST
    PUNPCKHBW
    PUNPCKHDQ
    PUNPCKHQDQ
    PUNPCKHWD
    PUNPCKLBW
    PUNPCKLDQ
    PUNPCKLQDQ
    PUNPCKLWD
    PUSH
    PUSHA
    PUSHAD
    PUSHF
    PUSHFD
    PUSHFQ
    PXOR
    RCL
    RCPPS
    RCPSS
    RCR
    RDFSBASE
    RDGSBASE
    RDMSR
    RDPMC
    RDRAND
    RDTSC
    RDTSCP
    RET
    ROL
    ROR
    ROUNDPD
    ROUNDPS
    ROUNDSD
    ROUNDSS
    RSM
    RSQRTPS
    RSQRTSS
    SAHF
    SAR
    SBB
    SCASB
    SCASD
    SCASQ
    SCASW
    SETA
    SETAE
    SETB
    SETBE
    SETE
    SETG
    SETGE
    SETL
    SETLE
    SETNE
    SETNO
    SETNP
    SETNS
    SETO
    SETP
    SETS
    SFENCE
    SGDT
    SHL
    SHLD
    SHR
    SHRD
    SHUFPD
    SHUFPS
    SIDT
    SLDT
    SMSW
    SQRTPD
    SQRTPS
    SQRTSD
    SQRTSS
    STC
    STD
    STI
    STMXCSR
    STOSB
    STOSD
    STOSQ
    STOSW
    STR
    SUB
    SUBPD
    SUBPS
    SUBSD
    SUBSS
    SWAPGS
    SYSCALL
    SYSENTER
    SYSEXIT
    SYSRET
    TEST
    TZCNT
    UCOMISD
    UCOMISS
    UD0
    UD1
    UD2
    UNPCKHPD
    UNPCKHPS
    UNPCKLPD
    UNPCKLPS
    VERR
    VERW
    VMOVDQA
    VMOVDQU
    VMOVNTDQ
    VMOVNTDQA
    VZEROUPPER
    WBINVD
    WRFSBASE
    WRGSBASE
    WRMSR
    XABORT
    XADD
    XBEGIN
    XCHG
    XEND
    XGETBV
    XLATB
    XOR
    XORPD
    XORPS
    XRSTOR
    XRSTOR64
    XRSTORS
    XRSTORS64
    XSAVE
    XSAVE64
    XSAVEC
    XSAVEC64
    XSAVEOPT
    XSAVEOPT64
    XSAVES
    XSAVES64
    XSETBV
    XTEST
)

func (Op) String

func (op Op) String() string

type Prefix

A Prefix represents an Intel instruction prefix. The low 8 bits are the actual prefix byte encoding, and the top 8 bits contain distinguishing bits and metadata.

type Prefix uint16
const (
    // Metadata about the role of a prefix in an instruction.
    PrefixImplicit Prefix = 0x8000 // prefix is implied by instruction text
    PrefixIgnored  Prefix = 0x4000 // prefix is ignored: either irrelevant or overridden by a later prefix
    PrefixInvalid  Prefix = 0x2000 // prefix makes entire instruction invalid (bad LOCK)

    // Memory segment overrides.
    PrefixES Prefix = 0x26 // ES segment override
    PrefixCS Prefix = 0x2E // CS segment override
    PrefixSS Prefix = 0x36 // SS segment override
    PrefixDS Prefix = 0x3E // DS segment override
    PrefixFS Prefix = 0x64 // FS segment override
    PrefixGS Prefix = 0x65 // GS segment override

    // Branch prediction.
    PrefixPN Prefix = 0x12E // predict not taken (conditional branch only)
    PrefixPT Prefix = 0x13E // predict taken (conditional branch only)

    // Size attributes.
    PrefixDataSize Prefix = 0x66 // operand size override
    PrefixData16   Prefix = 0x166
    PrefixData32   Prefix = 0x266
    PrefixAddrSize Prefix = 0x67 // address size override
    PrefixAddr16   Prefix = 0x167
    PrefixAddr32   Prefix = 0x267

    // One of a kind.
    PrefixLOCK     Prefix = 0xF0 // lock
    PrefixREPN     Prefix = 0xF2 // repeat not zero
    PrefixXACQUIRE Prefix = 0x1F2
    PrefixBND      Prefix = 0x2F2
    PrefixREP      Prefix = 0xF3 // repeat
    PrefixXRELEASE Prefix = 0x1F3

    // The REX prefixes must be in the range [PrefixREX, PrefixREX+0x10).
    // the other bits are set or not according to the intended use.
    PrefixREX       Prefix = 0x40 // REX 64-bit extension prefix
    PrefixREXW      Prefix = 0x08 // extension bit W (64-bit instruction width)
    PrefixREXR      Prefix = 0x04 // extension bit R (r field in modrm)
    PrefixREXX      Prefix = 0x02 // extension bit X (index field in sib)
    PrefixREXB      Prefix = 0x01 // extension bit B (r/m field in modrm or base field in sib)
    PrefixVEX2Bytes Prefix = 0xC5 // Short form of vex prefix
    PrefixVEX3Bytes Prefix = 0xC4 // Long form of vex prefix
)

func (Prefix) IsREX

func (p Prefix) IsREX() bool

IsREX reports whether p is a REX prefix byte.

func (Prefix) IsVEX

func (p Prefix) IsVEX() bool

func (Prefix) String

func (p Prefix) String() string

type Prefixes

Prefixes is an array of prefixes associated with a single instruction. The prefixes are listed in the same order as found in the instruction: each prefix byte corresponds to one slot in the array. The first zero in the array marks the end of the prefixes.

type Prefixes [14]Prefix

type Reg

A Reg is a single register. The zero Reg value has no name but indicates “no register.”

type Reg uint8
const (

    // 8-bit
    AL Reg
    CL
    DL
    BL
    AH
    CH
    DH
    BH
    SPB
    BPB
    SIB
    DIB
    R8B
    R9B
    R10B
    R11B
    R12B
    R13B
    R14B
    R15B

    // 16-bit
    AX
    CX
    DX
    BX
    SP
    BP
    SI
    DI
    R8W
    R9W
    R10W
    R11W
    R12W
    R13W
    R14W
    R15W

    // 32-bit
    EAX
    ECX
    EDX
    EBX
    ESP
    EBP
    ESI
    EDI
    R8L
    R9L
    R10L
    R11L
    R12L
    R13L
    R14L
    R15L

    // 64-bit
    RAX
    RCX
    RDX
    RBX
    RSP
    RBP
    RSI
    RDI
    R8
    R9
    R10
    R11
    R12
    R13
    R14
    R15

    // Instruction pointer.
    IP  // 16-bit
    EIP // 32-bit
    RIP // 64-bit

    // 387 floating point registers.
    F0
    F1
    F2
    F3
    F4
    F5
    F6
    F7

    // MMX registers.
    M0
    M1
    M2
    M3
    M4
    M5
    M6
    M7

    // XMM registers.
    X0
    X1
    X2
    X3
    X4
    X5
    X6
    X7
    X8
    X9
    X10
    X11
    X12
    X13
    X14
    X15

    // Segment registers.
    ES
    CS
    SS
    DS
    FS
    GS

    // System registers.
    GDTR
    IDTR
    LDTR
    MSW
    TASK

    // Control registers.
    CR0
    CR1
    CR2
    CR3
    CR4
    CR5
    CR6
    CR7
    CR8
    CR9
    CR10
    CR11
    CR12
    CR13
    CR14
    CR15

    // Debug registers.
    DR0
    DR1
    DR2
    DR3
    DR4
    DR5
    DR6
    DR7
    DR8
    DR9
    DR10
    DR11
    DR12
    DR13
    DR14
    DR15

    // Task registers.
    TR0
    TR1
    TR2
    TR3
    TR4
    TR5
    TR6
    TR7
)

func (Reg) String

func (r Reg) String() string

type Rel

A Rel is an offset relative to the current instruction pointer.

type Rel int32

func (Rel) String

func (r Rel) String() string

type SymLookup

type SymLookup func(uint64) (string, uint64)