ionicons-v5-d 0.16.0 (441bb46)
Updated on 10/12/2024, 11:03:30.

C++

Architectures

 Architectures

Engine

class Engine

This class interfaces the assembler/disassembler support.

Public Types

using instructions_it = iterator_range<Instruction::Iterator>

Disassembly instruction iterator.

Public Functions

Engine() = delete
Engine(std::unique_ptr<details::Engine> impl)
Engine(const Engine&) = delete
Engine &operator=(const Engine&) = delete
Engine(Engine&&) noexcept
Engine &operator=(Engine&&) noexcept
instructions_it disassemble(const uint8_t *buffer, size_t size, uint64_t addr)

Disassemble the provided buffer with the address specified in the second parameter.

inline instructions_it disassemble(const std::vector<uint8_t> &bytes, uint64_t addr)

Disassemble the given vector of bytes with the address specified in the second parameter.

std::vector<uint8_t> assemble(uint64_t address, const std::string &Asm)
std::vector<uint8_t> assemble(uint64_t address, const std::string &Asm, LIEF::Binary &bin)
~Engine()

Instruction

class Instruction

This class represents an assembly instruction.

Subclassed by LIEF::assembly::aarch64::Instruction, LIEF::assembly::arm::Instruction, LIEF::assembly::ebpf::Instruction, LIEF::assembly::mips::Instruction, LIEF::assembly::powerpc::Instruction, LIEF::assembly::riscv::Instruction, LIEF::assembly::x86::Instruction

Public Types

enum class MemoryAccess : uint8_t

Memory operation flags.

Values:

enumerator NONE = 0
enumerator READ = 1 << 0
enumerator WRITE = 1 << 1
enumerator READ_WRITE = READ | WRITE

Public Functions

uint64_t address() const

Address of the instruction.

size_t size() const

Size of the instruction in bytes.

const std::vector<uint8_t> &raw() const

Raw bytes of the current instruction.

std::string mnemonic() const

Instruction mnemonic (e.g. br)

std::string to_string(bool with_address = true) const

Representation of the current instruction in a pretty assembly way.

bool is_call() const

True if the instruction is a call.

bool is_terminator() const

True if the instruction marks the end of a basic block.

bool is_branch() const

True if the instruction is a branch.

bool is_syscall() const

True if the instruction is a syscall.

bool is_memory_access() const

True if the instruction performs a memory access.

bool is_move_reg() const

True if the instruction is a register to register move.

bool is_add() const

True if the instruction performs an arithmetic addition.

bool is_trap() const

True if the instruction is a trap.

  • On x86/x86-64 this includes the ud1/ud2 instructions

  • On AArch64 this includes the brk/udf instructions

bool is_barrier() const

True if the instruction prevents executing the instruction that immediatly follows the current. This includes return or unconditional branch instructions.

bool is_return() const

True if the instruction is a return.

bool is_indirect_branch() const

True if the instruction is and indirect branch.

This includes instructions that branch through a register (e.g. jmp rax, br x1).

bool is_conditional_branch() const

True if the instruction is conditionally jumping to the next instruction or an instruction into some other basic block.

bool is_unconditional_branch() const

True if the instruction is jumping (unconditionally) to some other basic block.

bool is_compare() const

True if the instruction is a comparison.

bool is_move_immediate() const

True if the instruction is moving an immediate.

bool is_bitcast() const

True if the instruction is doing a bitcast.

MemoryAccess memory_access() const

Memory access flags.

result<uint64_t> branch_target() const

Given a is_branch() instruction, try to evaluate the address of the destination.

const llvm::MCInst &mcinst() const

Return the underlying llvm::MCInst implementation.

Warning

Because of ABI compatibility, this MCInst can only be used with the same version of LLVM used by LIEF.

template<class T>
inline const T *as() const

This function can be used to down cast an Instruction instance:

std::unique_ptr<assembly::Instruction> inst = get_inst();
if (const auto* arm = inst->as<assembly::arm::Instruction>()) {
  const arm::OPCODE op = arm->opcode();
}
virtual ~Instruction()

Friends

inline friend std::ostream &operator<<(std::ostream &os, const Instruction &inst)
class Iterator : public LIEF::iterator_facade_base<Iterator, std::forward_iterator_tag, std::unique_ptr<Instruction>, std::ptrdiff_t, Instruction*, std::unique_ptr<Instruction>>

Lazy-forward iterator that outputs Instruction

Public Types

using implementation = details::InstructionIt

Public Functions

Iterator()
Iterator(std::unique_ptr<details::InstructionIt> impl)
Iterator(const Iterator&)
Iterator &operator=(const Iterator&)
Iterator(Iterator&&) noexcept
Iterator &operator=(Iterator&&) noexcept
~Iterator()
Iterator &operator++()
std::unique_ptr<Instruction> operator*() const

Disassemble and output an Instruction at the current iterator’s position.

Friends

friend bool operator==(const Iterator &LHS, const Iterator &RHS)
inline friend bool operator!=(const Iterator &LHS, const Iterator &RHS)