What's Changed

Features

• Add AVX-VNNI-INT16, SHA512, SM3, SM4 and PBNDKB ISA extensions by @flobernd in #449
• Add UD0_COMPAT decoder mode by @flobernd in #477
• Add support for loongarch by @wuruilong01 in #462
• Add PCOMMIT instruction by @flobernd in #429
• Update instructions and add new ISA extensions by @flobernd in #407

Improvements

• Fix ZydisFeature enum max value constant by @athre0z in #408
• Excluded test tool from shared library builds (Fixes #415) by @mappzor in #416
• CMake: remove CXX from project directive by @athre0z in #418
• Use ZYAN_DIV64 in ZydisStringAppendDecU64 by @jpidancet in #424
• Improve color output for ZydisInfo and ZydisDisasm by @flobernd in #433
• Add missing static keywords. by @jpidancet in #434
• Convert ZydisDecoder field decoder_mode to a bitmap. by @jpidancet in #435
• Add ZYDIS_BUILD_TESTS option and include tests in CMakeLists.txt by @topazus in #437
• Fix the installation location of manpages by @topazus in #441
• Build: fix amalgamation public header warning by @athre0z in #440
• Add missing (void) on functions without args by @athre0z in #442
• Fix ZYDIS_FORMATTER_PROP_HEX_FORCE_LEADING_NUMBER by @athre0z in #452
• Improve fuzzer stability in persistent mode by @athre0z in #453
• CMake: mark zycore dependency as required by @athre0z in #457
• Improve ZydisRegisterGetLargestEnclosing by @flobernd in #456
• Check if Zydis is the top-level project for better FetchContent support by @ZehMatt in #459
• CMake: improve search for Zycore by @athre0z in #461
• Fix #463: Wrong target offset calculated when using bnd prefix by @ZehMatt in #464
• Fuzzing improvements and bugfixes by @mappzor in #466
• Doc: extract documentation from all headers by @athre0z in #467
• Formatter improvements (sizes and addresses) by @mappzor in #472
• Fix alignment issues with Intel macOS builds by @athre0z in #475
• Keep same order of files for amalgamation by @evdenis in #481
• Reworked absolute address handling (Fixes #471) by @mappzor in #473
• Enforce predicted instruction size (Fixes #478) by @mappzor in #479

Full Changelog: v4.0.0...v4.1.0

Minimum required Zycore version: v1.5.0

• Added encoding functionality, allowing users to use Zydis for code generation and rewriting
  • A huge thanks goes to @mappzor, who contributed pretty much the entire implementation by himself
• Split instruction and operand decoding, allowing users to decode only the data they actually need
• Added support for creating amalgamized builds, essentially combining all of Zydis and the required Zycore source code files and headers into a single header and source file, greatly simplifying linking against Zydis on the quick
• Improved and automatically built documentation for all recent versions of Zydis
• Added maximally simplified all-in-one disassembler function (see #379 for details)

Check out our corresponding blog article for details and examples!

Porting Guide

We offer a porting guide for the breaking changes from v3 to v4.

Important Changes

Decoder

• Fix general address-width handling by @flobernd in #238
• Fix register constraints of certain AMX instructions by @flobernd in #271
• Fixed constraint enforcement for AMX instructions by @mappzor in #276
• Decouple operand decoding by @flobernd in #278
• Remove deprecated accessed_flags flags field from ZydisDecodedInstruction by @flobernd in #262
• Add unions in decoded instruction and operands by @athre0z in #326
• Declare structs as anonymous within anonymous unions by @ZehMatt in #329
• Change st0 operand visibility as specified by SDM by @athre0z in #331
• Improved signedness data accuracy and consistency (Fixes #327) by @mappzor in #336

Encoder

• Implemented instruction encoder by @mappzor in #254
• Added ZydisEncoderNopFill by @mappzor in #376
• Added function to calculate and encode relative operands by @mappzor in #368

Build

• Add option to use system installed Zycore by @Tachi107 in #250
• Fix build on macOS 12 by @athre0z in #259
• Get rid of ZydisExportConfig.h by @athre0z in #301
• Add script for generating an amalgamated distribution by @athre0z in #302
• Add WebAssembly support by @williballenthin in #277
• Improve LTO support by @athre0z in #333
• Add Makefile for quick access to various operations by @athre0z in #346

Misc

• Zycore: updated to v1.4.1
• Utils: remove ZydisPE by @athre0z in #257
• Docs: add man pages by @Tachi107 in #267
• Registers: add lookup tables for ZydisRegister and ZydisRegisterClass by @flobernd in #283
• Tools: improve ZydisInfo by @flobernd in #285
• Formatter: fix MASM style disassembly by @flobernd in #298
• Segments: move segment functions into a separate, optional header by @athre0z in #348
• Formatter: simplify formatter interface by @athre0z in #361
• Doc: switch Doxygen theme by @athre0z in #373
• CI: add automated documentation builds by @athre0z in #374

Full Changelog: v3.2.1...v4.0.0

• Added encoding functionality, allowing users to use Zydis for code generation and rewriting
  • A huge thanks goes to @mappzor, who contributed pretty much the entire implementation by himself
• Split instruction and operand decoding, allowing users to decode only the data they actually need
• Added support for creating amalgamized builds, essentially combining all of Zydis and the required Zycore source code files and headers into a single header and source file, greatly simplifying linking against Zydis on the quick
• Improved and automatically built documentation for all recent versions of Zydis
• Added maximally simplified all-in-one disassembler function (see #379 for details)

Porting Guide

We offer a porting guide for the breaking changes from v3 to v4.

Important Changes

Decoder

• Fix general address-width handling by @flobernd in #238
• Fix register constraints of certain AMX instructions by @flobernd in #271
• Fixed constraint enforcement for AMX instructions by @mappzor in #276
• Decouple operand decoding by @flobernd in #278
• Remove deprecated accessed_flags flags field from ZydisDecodedInstruction by @flobernd in #262
• Add unions in decoded instruction and operands by @athre0z in #326
• Declare structs as anonymous within anonymous unions by @ZehMatt in #329
• Change st0 operand visibility as specified by SDM by @athre0z in #331
• Improved signedness data accuracy and consistency (Fixes #327) by @mappzor in #336

Encoder

• Implemented instruction encoder by @mappzor in #254
• Added ZydisEncoderNopFill by @mappzor in #376
• Added function to calculate and encode relative operands by @mappzor in #368

Build

• Add option to use system installed Zycore by @Tachi107 in #250
• Fix build on macOS 12 by @athre0z in #259
• Get rid of ZydisExportConfig.h by @athre0z in #301
• Add script for generating an amalgamated distribution by @athre0z in #302
• Add WebAssembly support by @williballenthin in #277
• Improve LTO support by @athre0z in #333
• Add Makefile for quick access to various operations by @athre0z in #346

Misc

• Utils: remove ZydisPE by @athre0z in #257
• Docs: add man pages by @Tachi107 in #267
• Registers: add lookup tables for ZydisRegister and ZydisRegisterClass by @flobernd in #283
• Tools: improve ZydisInfo by @flobernd in #285
• Formatter: fix MASM style disassembly by @flobernd in #298
• Segments: move segment functions into a separate, optional header by @athre0z in #348
• Formatter: simplify formatter interface by @athre0z in #361
• Doc: switch Doxygen theme by @athre0z in #373
• CI: add automated documentation builds by @athre0z in #374

Full Changelog: v3.2.1...v4.0.0

Detailed changelog (since v3.2.0)

This is a security update.

Formatter

• CVE-2021-41253: Fixed a bug where an internal formatter structure wasn't properly initialized.
  • For users that extend the formatter via the formatter hook mechanism and use the string functions provided in zycore to append untrusted data to the formatter buffer, this can result in heap memory corruption. If you don't extend the formatter, this bug doesn't affect you.
  • For more details, please consult our security advisory.
  • Thanks to @geeknik who found this issues during fuzzing, providing us with a test case for reproducing it!

This version is both API and ABI compatible with v3.2.0.

Detailed changelog (since v3.1.0)

Note: This was already published previously. If you just got a second notification for this, it's because something went wrong when placing the original tag on the right commit, and the corresponding release was deleted by GitHub when the tag was adjusted. No action is required and if you previously pulled from the old tag, you still have the latest released code. Sorry for the inconvenience!

Decoder

• Added flags_read and flags_written masks to ZydisDecodedInstruction for more intuitive and performant access
• Added support for 4FMAPS multisource operands
• Added support for CET no-track prefix
• Fixed Load-op SwizzUpConv(F32)
• Fixed wrong eviction hint formatter-string
• Fixed MVEX rounding mode decoding
• Improved handling of 16-bit relative operands
• Improved general segment override handling
• XOP/VEX/EVEX is invalid in 16-bit real mode
• Scale base register of implicit SP/BP memory operands by stack- instead of address-size
• Set ZYDIS_ATTRIB_ACCEPTS_SEGMENT for non legacy instructions

Formatter

• Added formatter option to control printing of scale *1
• Fixed relative disp printing for 0 disps
• Fixed incorrect formatting of signed displacements
• Fixed formatting of offset for PTR operands
• Fixed {sae}/{rc} formatting
• Enhanced formatting for MIB operands
• Print missing {z} decorator for instructions with control-masking
• Print asterisk in front of absolute jmp/call address (AT&T)

Database

• Added AVX-512 FP16 instructions
• Added VNNI instructions
• Added HRESET instructions
• Added KEYLOCKER instructions
• Added TDX instructions
• Added AMD INVLPGB instructions
• Added AMD mcommit instruction
• Added SERIALIZE and TSX-LDTRK instructions
• Added AMD SNP instructions
• Added AMX instructions
• Added missing conditional-write registers for STOS{B|W|D|Q} and LODS{B|W|D|Q}
• Fixed privilege level of CET instructions
• Fixed decoding of RDSSPD in 64-bit mode
• Fixed segment register for leave instruction
• Fixed invlpga and pvalidate pseudo memory operand register width
• Fixed bsf/bsr destination operand action
• Fixed DI/SI operand access action for stos{b|w|d|q}/movs{b|w|d|q} instructions
• Fixed CET/VMX decoding in real mode
• Fixed ECX scaling for pcmpestri/vpcmpestri/pcmpistri/vpcmpistri
• Set fixed vector-length for EVEX instructions that ignore EVEX.LL (LIG)
• Removed impossible jcxz/jrcxz encodings
• Ignore segment override for memory operands with hardcoded ES segment
• Ignore segment override for BNDC{L|N|U}
• Display implicit pseudo memory operand for vmrun and vmsave
• Allow invlpgb with 16-bit address-size
• Change branch-type from short -> near for jkzd/jknzd

Misc

• Improve CMake files
• Fix buffer overflow and off-by-one in ZydisInfo tool

Changes since v3.0.0

Enhancements

• Allow zycore dependency path to be changed via CMake variable
• Added build support for Solaris OS (contributed by @psumbera)

Fixes

• Fixed MinGW builds
• Fixed compilation with ICC running in MSVC emulation mode
• Various decoder fixes
  • Classify LOOP/LOOPE/LOOPNE as short-branch (#126)
  • Fixed implicit IP operand for short jcc in long mode (#133)
  • Ignore EVEX.B for vcvtsi2sd/vcvtusi2sd EVEX.W = 0 forms (#133)
  • Ignore REX.X for RM-encoded BND registers (#133)
  • Correctly handle relative memory addressing not being allowed for MIB operands (e.g. bndldx/bndstx) (#133)

Detailed changelog (since v2.0.3)

Decoder

• Improved legacy prefix decoding
• Fixed gather register check for VGATHERPF0{D|Q}{PS|PD} instruction
• Fixed some incorrect assert conditions
• Fixed check for invalid BOUND registers
• Fixed incorrect value of ZydisDecodedInstruction.raw.prefixes[n].type in some edge cases

Formatter

• Implemented AT&T formatter-style
• Implemented MASM formatter-style
• Implemented tokenization feature to the instruction
  • ZydisFormatterTokenizeInstruction/ZydisFormatterTokenizeInstructionEx and ZydisFormatterTokenizeOperand/ZydisFormatterTokenizeOperandEx generates a token-list instead of a simple string
  • Each token has a type (like MNEMONIC, REGISTER, DELIMITER) and contains a string
  • Tokenization allows users to receive the formatted instructions as a stream of tokens with annotations of their purpose, allowing for easier implementation of features such as syntax highlighting
• Numeric base (decimal, hexadecimal), signedness and padding can now be independently configured for all numeric types (addresses, displacements and immediates)
• Added "detailed prefixes" mode
  • Prints all instruction prefixes instead of only the effective ones
• Replaced the ZYDIS_FORMATTER_PROP_UPPERCASE property with more granular options
  • Allows configuration of the letter-case individually for prefixes, mnemonics, registers, typecasts and decorators
• Implemented more formatter options
  • ZYDIS_FORMATTER_PROP_FORCE_RELATIVE_BRANCHES
    • Prints relative addresses instead of absolute ones for branch instructions
  • ZYDIS_FORMATTER_PROP_FORCE_RELATIVE_RIPREL
    • Prints relative addresses instead of absolute ones for EIP/RIP-relative instructions
  • ZYDIS_FORMATTER_PROP_PRINT_BRANCH_SIZE
    • Prints the size of branch instructions (short/near)

Database

• Added BF16 instructions
• Added vp2intersect{d|q} instructions
• Added enqcmd and enqcmds instructions
• Added AMD rdpru instruction
• Added PADLOCK instructions
• Added CLDEMOTE, MOVDIR and WAITPKG extensions
• Added implicit PKRU register to the RDPKRU/WRPKRU instructions
• Fixed exception-class of v4fmaddss, v4fnmaddss and vcvtps2ph
• Fixed KNL gather/scatter memory operand width
• Fixed mask-mode for some EVEX instructions
• Fixed element size of VP4DPWSSDS memory operand
• Fixed MONITOR, MONITORX, MWAIT and MWAITX operands
• Fixed CLRSSBSY memory operand is read-write
• Fixed VMREAD destination operand is write-only
• Fixed decoding of nop (0F 1C) with 66 prefix
• Fixed decoding of rdrand and rdseed with 66 prefix
• Fixed decoding of xstore with 66 prefix
• Adjusted element-type for auto generated FLAGS/EFLAGS/RFLAGS and X87STATUS operands
• Updated movsxd source register width
• Introduced a new element-type for condition-codes
  • This allows generic detection of condition-code operands without hardcoding any instruction mnemonics (e.g. used by CMPPS, VCMPPD, ...)
• Added support for non-default address-size configurations
  • Some instructions (e.g. ENCLS or BNDCL) are using non-default address-size configurations like ignoring the address-size override prefix or forcing the address size to certain values
• Use MODRM_RM instead of MODRM_REG for the destination register of EXTRQ
• Removed W0 filter from LLWPCB/SLWPCB (is allowed to have 64-bit operand-size)
• Added new attributes for instructions that access CPU/FPU/XMM state
  • ZYDIS_ATTRIB_CPU_STATE_{CR|CW} for general CPU-state access
  • ZYDIS_ATTRIB_FPU_STATE_{CR|CW} for FPU-state (x87 and MMX) access
  • ZYDIS_ATTRIB_XMM_STATE_{CR|CW} for XMM-state access
• Fixed CPU-flag actions for instructions that TEST and MODIFIY certain flags at the same time
  • Introduced a new CPU-flag action called TESTED_MODIFIED
• Added ZYDIS_ATTRIB_CPU_STATE_{CR|CW} attribute to iret{d|q}
• Added implicit writes for the CS and SS registers to syscall and sysret

Misc

• Implemented color support (VT100) and syntax highlighting for the ZydisInfo tool
• Added ZydisGetInstructionSegments helper function
  • Returns a list that maps the different instruction segments (like OPCODE, MODRM, ...) to an offset-size pair
  • The ZydisInfo tool now prints the hexadecimal instruction bytes using different colors considering the instruction segment
• Added ZydisCalcAbsoluteAddressEx which takes an additional register-context argument to allow calculation of addresses depending on runtime register values
• Introduced ZYDIS_MINIMAL_MODE CMake option
  • Forces ZYDIS_DECODER_MODE_MINIMAL
  • Reduces file size by excluding unused code and data-tables
• Improved MSVC project

• Fixed various smaller bugs
• Fixed CMake install rules to correctly install ZydisInfo and ZydisDisasm as intended

• Fixed build on CentOS / RHEL
  • or, more generally speaking, any toolkit that doesn't enable C99 support by default
• Fixed gather register check for VGATHERPF0{D|Q}{PS|PD} instruction
• Fixed check for invalid BOUND registers
• Fixed printing of hex-suffix for 0 values
• Fixed CPU-flag actions for instructions that TEST and MODIFIY certain flags at the same time
  • Introduced a new CPU-flag action called TESTED_MODIFIED
• Some FreeBSD fixes for examples and including Zydis in shared/static libraries (contributed by @gdbinit)
• Fixed two wrong assert conditions

Detailed changelog (since v2.0.0 Final)

• Improved instruction decoding

  • Fixed decoding of IS4 encoded operands in non 64-bit mode
  • Fixed check for invalid gather registers in non 64-bit mode

• Improved formatter

  • Fixed padding of immediate values
  • Fixed printing of XACQUIRE/XRELEASE prefixes (formatter)

• Fixed some instruction definitions

  • SCAS, INS and STOS does not allow the default ES segment to be overridden with a segment override prefix
  • Renamed SAVESSP to SAVEPREVSSP
  • Fixed ENCLS, ENCLU and ENCLV instructions

• Misc bugfixes

  • Added missing extern "C" block in String.h
  • Changed type of MOFFS memory operands to ZYDIS_MEMOP_TYPE_MEM instead of ZYDIS_MEMOP_TYPE_INVALID