X86/x86-64¶

Instruction¶

class Instruction : public LIEF::assembly::Instruction ¶

This class represents a x86/x86-64 instruction.

Public Types

using operands_it = iterator_range<Operand::Iterator>¶

Public Functions

OPCODE opcode() const¶: The instruction opcode as defined in LLVM.

operands_it operands() const¶: Iterator over the operands of the current instruction.

virtual ~Instruction() override = default¶

Public Static Functions

static bool classof(const assembly::Instruction *inst)¶: True if inst is an effective instance of x86::Instruction.

Opcodes¶

See LIEF::assembly::x86::OPCODE in include/asm/x86/opcodes.hpp

Operands¶

class Operand¶

This class represents an operand for an x86/x86-64 instruction.

Subclassed by LIEF::assembly::x86::operands::Immediate, LIEF::assembly::x86::operands::Memory, LIEF::assembly::x86::operands::PCRelative, LIEF::assembly::x86::operands::Register

Public Functions

std::string to_string() const¶: Pretty representation of the operand.

template<class T> inline const T *as() const¶

This function can be used to down cast an Operand instance:

std::unique_ptr<assembly::x86::Operand> op = ...;
if (const auto* memory = inst->as<assembly::x86::operands::Memory>()) {
  const assembly::x86::REG base = memory->base();
}

virtual ~Operand()¶

Friends

inline friend std::ostream &operator<<(std::ostream &os, const Operand &op)¶

class Iterator : public LIEF::iterator_facade_base<Iterator, std::forward_iterator_tag, std::unique_ptr<Operand>, std::ptrdiff_t, Operand*, std::unique_ptr<Operand>>¶

Forward iterator that outputs x86 Operand as std::unique_ptr

Public Types

using implementation = details::OperandIt¶

Public Functions

Iterator()¶

Iterator(std::unique_ptr<details::OperandIt> impl)¶

Iterator(const Iterator&)¶

Iterator &operator=(const Iterator&)¶

Iterator(Iterator&&) noexcept¶

Iterator &operator=(Iterator&&) noexcept¶

~Iterator()¶

Iterator &operator++()¶

std::unique_ptr<Operand> operator*() const¶

Friends

friend bool operator==(const Iterator &LHS, const Iterator &RHS)¶

inline friend bool operator!=(const Iterator &LHS, const Iterator &RHS)¶

Immediate¶

class Immediate : public LIEF::assembly::x86::Operand ¶

This class represents an immediate operand (i.e. a constant)

For instance:

mov edi, 1;
         |
         +---> Immediate(1)

Public Functions

int64_t value() const¶: The constant value wrapped by this operand.

~Immediate() override = default¶

Public Static Functions

static bool classof(const Operand *op)¶

Register¶

class Register : public LIEF::assembly::x86::Operand ¶

This class represents a register operand.

For instance:

mov r15d, edi
     |     |
     |     +---------> Register(EDI)
     |
     +---------------> Register(R15D)

Public Functions

REG value() const¶: The effective REG wrapped by this operand.

~Register() override = default¶

Public Static Functions

static bool classof(const Operand *op)¶

Memory¶

class Memory : public LIEF::assembly::x86::Operand ¶

This class represents a memory operand.

For instance:

movq xmm3, qword ptr [rip + 823864];

                     |
                     |
                   Memory
                     |
         +-----------+-----------+
         |           |           |
     Base: rip    Scale: 1    Displacement: 823864

Public Functions

REG base() const¶

The base register.

For lea rdx, [rip + 244634] it would return rip

REG scaled_register() const¶

The scaled register.

For mov rdi, qword ptr [r13 + 8*r14] it would return r14

REG segment_register() const¶

The segment register associated with the memory operation.

For mov eax, dword ptr gs:[0] is would return gs

uint64_t scale() const¶

The scale value associated with the scaled_register():

For mov rdi, qword ptr [r13 + 8*r14] it would return 8

int64_t displacement() const¶

The displacement value.

For call qword ptr [rip + 248779] it would return 248779

~Memory() override = default¶

Public Static Functions

static bool classof(const Operand *op)¶

PCRelative¶

class PCRelative : public LIEF::assembly::x86::Operand ¶

This class represents a RIP/EIP-relative operand.

For instance:

jmp 67633;
    |
    +----------> PCRelative(67633)

Public Functions

int64_t value() const¶: The effective value that is relative to the current rip/eip register.

~PCRelative() override = default¶

Public Static Functions

static bool classof(const Operand *op)¶