udis86

Disassembler Library for x86 and x86-64

1,012

296

1,012

View on GitHub

Top Related Projects

unicorn

7,468

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

zydis

3,363

Fast and lightweight x86/x86-64 disassembler and code generation library

asmjit

3,916

Low-latency machine code generation

Quick Overview

Udis86 is a disassembler library for x86 and x86-64 architectures. It provides a fast and lightweight solution for decoding machine code into human-readable assembly language. The library is written in C and offers bindings for various programming languages.

Pros

High performance and low memory footprint
Supports both 32-bit and 64-bit x86 instruction sets
Provides a simple and easy-to-use API
Cross-platform compatibility (Windows, Linux, macOS)

Cons

Limited to x86 and x86-64 architectures
Not actively maintained (last update in 2013)
Lacks support for the latest x86 instruction set extensions
Documentation could be more comprehensive

Code Examples

Basic disassembly example:

#include <udis86.h>

int main() {
    ud_t ud_obj;
    uint8_t code[] = {0x90, 0x48, 0x89, 0x5C, 0x24, 0x10};
    
    ud_init(&ud_obj);
    ud_set_input_buffer(&ud_obj, code, sizeof(code));
    ud_set_mode(&ud_obj, 64);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);
    
    while (ud_disassemble(&ud_obj)) {
        printf("%s\n", ud_insn_asm(&ud_obj));
    }
    
    return 0;
}

Disassembling from a file:

#include <udis86.h>

int main() {
    ud_t ud_obj;
    FILE* file = fopen("binary.bin", "rb");
    
    ud_init(&ud_obj);
    ud_set_input_file(&ud_obj, file);
    ud_set_mode(&ud_obj, 32);
    ud_set_syntax(&ud_obj, UD_SYN_ATT);
    
    while (ud_disassemble(&ud_obj)) {
        printf("0x%lx: %s\n", ud_insn_off(&ud_obj), ud_insn_asm(&ud_obj));
    }
    
    fclose(file);
    return 0;
}

Using the Python bindings:

from udis86 import *

ud = ud_t()
ud.init()
ud.set_input_buffer(b"\x90\x48\x89\x5C\x24\x10")
ud.set_mode(64)
ud.set_syntax(UD_SYN_INTEL)

while ud.disassemble():
    print(f"{ud.insn_hex()}: {ud.insn_asm()}")

Getting Started

To use Udis86 in your project, follow these steps:

Clone the repository:

git clone https://github.com/vmt/udis86.git

Build the library:

cd udis86
./autogen.sh
./configure
make

Install the library:
```
sudo make install
```
Include the header in your C/C++ project:
```
#include <udis86.h>
```

Link against the library when compiling:

gcc your_program.c -ludis86 -o your_program

Competitor Comparisons

unicorn

7,468

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

Pros of Unicorn

More comprehensive emulation capabilities, supporting multiple architectures
Active development and larger community support
Extensive API for fine-grained control over emulation

Cons of Unicorn

Higher complexity and steeper learning curve
Larger codebase and potentially higher resource usage
May be overkill for simple disassembly tasks

Code Comparison

Udis86 (disassembly):

ud_t ud_obj;
ud_init(&ud_obj);
ud_set_input_buffer(&ud_obj, buffer, size);
ud_set_mode(&ud_obj, 32);
while (ud_disassemble(&ud_obj)) {
    printf("%s\n", ud_insn_asm(&ud_obj));
}

Unicorn (emulation):

from unicorn import *

mu = Uc(UC_ARCH_X86, UC_MODE_32)
mu.mem_map(0x1000, 0x1000)
mu.mem_write(0x1000, b"\x41\x4a")  # INC ecx; DEC edx
mu.emu_start(0x1000, 0x1002)
ecx = mu.reg_read(UC_X86_REG_ECX)

Summary

Udis86 is a lightweight disassembler focused on x86/x86-64, while Unicorn is a powerful multi-architecture CPU emulator. Udis86 is simpler and more suitable for basic disassembly tasks, whereas Unicorn offers comprehensive emulation capabilities but with increased complexity.

capstone

7,334

Pros of Capstone

Multi-architecture support (x86, ARM, MIPS, PowerPC, etc.)
More actively maintained with frequent updates
Extensive documentation and community support

Cons of Capstone

Larger codebase and memory footprint
Steeper learning curve for beginners
Potentially slower for simple disassembly tasks

Code Comparison

Udis86 example:

ud_t ud_obj;
ud_init(&ud_obj);
ud_set_input_buffer(&ud_obj, buffer, size);
ud_set_mode(&ud_obj, 32);
while (ud_disassemble(&ud_obj)) {
    printf("%s\n", ud_insn_asm(&ud_obj));
}

Capstone example:

csh handle;
cs_open(CS_ARCH_X86, CS_MODE_32, &handle);
cs_insn *insn;
size_t count = cs_disasm(handle, buffer, size, 0x1000, 0, &insn);
for (size_t j = 0; j < count; j++) {
    printf("%s\t%s\n", insn[j].mnemonic, insn[j].op_str);
}

Both libraries offer disassembly capabilities, but Capstone provides a more feature-rich and flexible solution at the cost of increased complexity. Udis86 is simpler and more lightweight, focusing specifically on x86/x86-64 architectures.

zydis

3,363

Fast and lightweight x86/x86-64 disassembler and code generation library

Pros of Zydis

More actively maintained with frequent updates
Supports a wider range of architectures (x86, x86-64, ARM, ARM64)
Better performance and lower memory footprint

Cons of Zydis

Steeper learning curve due to more complex API
Larger codebase, which may increase compilation time

Code Comparison

Udis86 usage:

ud_t ud_obj;
ud_init(&ud_obj);
ud_set_input_buffer(&ud_obj, buffer, size);
ud_set_mode(&ud_obj, 64);
while (ud_disassemble(&ud_obj)) {
    printf("%s\n", ud_insn_asm(&ud_obj));
}

Zydis usage:

ZydisDecoder decoder;
ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
ZydisDecodedInstruction instruction;
while (ZYAN_SUCCESS(ZydisDecoderDecodeBuffer(&decoder, buffer, size, &instruction))) {
    // Process instruction
}

Both libraries offer x86/x86-64 disassembly capabilities, but Zydis provides more features and better performance. Udis86 has a simpler API, making it easier to use for basic disassembly tasks. Zydis, while more complex, offers greater flexibility and support for additional architectures.

asmjit

3,916

Low-latency machine code generation

Pros of asmjit

More comprehensive: Supports both x86 and ARM architectures
Active development: Regular updates and contributions
Versatile: Can be used for both assembly and disassembly

Cons of asmjit

Steeper learning curve: More complex API due to its broader feature set
Larger codebase: Potentially higher memory footprint

Code Comparison

asmjit example:

#include <asmjit/asmjit.h>

using namespace asmjit;

JitRuntime rt;
CodeHolder code;
code.init(rt.environment());

x86::Assembler a(&code);
a.mov(x86::eax, 42);
a.ret();

typedef int (*Func)(void);
Func fn;
Error err = rt.add(&fn, &code);

udis86 example:

#include <udis86.h>

ud_t ud_obj;
ud_init(&ud_obj);
ud_set_input_buffer(&ud_obj, buffer, size);
ud_set_mode(&ud_obj, 32);
ud_set_syntax(&ud_obj, UD_SYN_INTEL);

while (ud_disassemble(&ud_obj)) {
    printf("%s\n", ud_insn_asm(&ud_obj));
}

asmjit offers a more feature-rich environment for both assembly and disassembly, while udis86 focuses primarily on disassembly with a simpler API. asmjit's active development and broader architecture support make it more suitable for complex projects, whereas udis86 might be preferable for simpler disassembly tasks on x86 architectures.

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Udis86

Udis86 is a disassembler for the x86 and x86-64 class of instruction set architectures. It consists of a C library called libudis86 which provides a clean and simple interface to decode a stream of raw binary data, and to inspect the disassembled instructions in a structured manner.

LICENSE

Udis86 is distributed under the terms of the 2-clause "Simplified BSD License". A copy of the license is included with the source in LICENSE.

libudis86

o Supports all x86 and x86-64 (AMD64) General purpose and System instructions. o Supported ISA extensions: - MMX, FPU (x87), AMD 3DNow - SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES, - AMD-V, INTEL-VMX, SMX o Instructions are defined in an XML document, with opcode tables generated for performance. o Supports output in both INTEL (NASM) as well as AT&T (GNU as) style assembly language syntax. o Supports a variety of input methods: Files, Memory Buffers, and Function Callback hooks. o Re-entrant, no dynamic memory allocation. o Fully documented API

-- EXAMPLE -----------------------------------------------------------

ud_t u;

ud_init(&u);
ud_set_input_file(&u, stdin);
ud_set_mode(&u, 64);
ud_set_syntax(&u, UD_SYN_INTEL);

while (ud_disassemble(&u)) {
  printf("\t%s\n", ud_insn_asm(&ud_obj));
}

udcli

udcli is a small command-line tool for your quick disassembly needs.

-- EXAMPLE -----------------------------------------------------------

$ echo "65 67 89 87 76 65 54 56 78 89 09 00 90" | udcli -32 -x 
0000000080000800 656789877665     mov [gs:bx+0x6576], eax
0000000080000806 54               push esp
0000000080000807 56               push esi
0000000080000808 7889             js 0x80000793
000000008000080a 0900             or [eax], eax
000000008000080c 90               nop

Documentation

The libudis86 api is fully documented. The package distribution contains a Texinfo file which can be installed by invoking "make install-info". You can also find an online html version of the documentation available at http://udis86.sourceforge.net/.

Autotools Build

You need autotools if building from sources cloned form version control system, or if you need to regenerate the build system. The wrapper script 'autogen.sh' is provided that'll generate the build system.

AUTHOR

Udis86 is written and maintained by Vivek Thampi (vivek.mt@gmail.com).

Top Related Projects

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot