Pin
Enumerations | Functions
Inspection API for IA-32 and Intel(R) 64 instructions
INS: Instruction Object

Enumerations

enum  LEVEL_BASE::PREDICATE_IA32 {
  LEVEL_BASE::PREDICATE_ALWAYS_TRUE,
  PREDICATE_INVALID,
  LEVEL_BASE::PREDICATE_BELOW,
  LEVEL_BASE::PREDICATE_BELOW_OR_EQUAL,
  LEVEL_BASE::PREDICATE_LESS,
  LEVEL_BASE::PREDICATE_LESS_OR_EQUAL,
  LEVEL_BASE::PREDICATE_NOT_BELOW,
  LEVEL_BASE::PREDICATE_NOT_BELOW_OR_EQUAL,
  LEVEL_BASE::PREDICATE_NOT_LESS,
  LEVEL_BASE::PREDICATE_NOT_LESS_OR_EQUAL,
  LEVEL_BASE::PREDICATE_NOT_OVERFLOW,
  LEVEL_BASE::PREDICATE_NOT_PARITY,
  LEVEL_BASE::PREDICATE_NOT_SIGN,
  LEVEL_BASE::PREDICATE_NOT_ZERO,
  LEVEL_BASE::PREDICATE_OVERFLOW,
  LEVEL_BASE::PREDICATE_PARITY,
  LEVEL_BASE::PREDICATE_SIGN,
  LEVEL_BASE::PREDICATE_ZERO,
  LEVEL_BASE::PREDICATE_CX_NON_ZERO,
  LEVEL_BASE::PREDICATE_ECX_NON_ZERO,
  LEVEL_BASE::PREDICATE_RCX_NON_ZERO,
  LEVEL_BASE::PREDICATE_SAVED_GCX_NON_ZERO,
  PREDICATE_LAST
}

Functions

BOOL LEVEL_CORE::INS_HasRealRep (INS ins)
BOOL LEVEL_CORE::INS_IsStandardMemop (INS ins)
UINT32 LEVEL_CORE::INS_EffectiveAddressWidth (INS ins)
BOOL LEVEL_CORE::INS_IsSysenter (INS ins)
BOOL LEVEL_CORE::INS_IsXbegin (INS ins)
BOOL LEVEL_CORE::INS_IsXend (INS ins)
BOOL LEVEL_CORE::INS_IsHalt (INS ins)
BOOL LEVEL_CORE::INS_IsPcMaterialization (INS ins)
BOOL LEVEL_CORE::INS_IsFarCall (INS ins)
BOOL LEVEL_CORE::INS_IsFarJump (INS ins)
BOOL LEVEL_CORE::INS_IsDirectFarJump (INS ins)
BOOL LEVEL_CORE::INS_IsVgather (INS ins)
BOOL LEVEL_CORE::INS_IsVscatter (INS ins)
BOOL LEVEL_CORE::INS_HasMemoryVector (INS ins)
VOID LEVEL_CORE::INS_GetFarPointer (INS ins, UINT16 &segment_selector, UINT32 &displacement)
BOOL LEVEL_CORE::INS_IsInterrupt (INS ins)
BOOL LEVEL_CORE::INS_IsFarRet (INS ins)
BOOL LEVEL_CORE::INS_IsSub (const INS ins)
BOOL LEVEL_CORE::INS_IsMov (const INS ins)
BOOL LEVEL_CORE::INS_IsMovFullRegRegSame (const INS ins)
BOOL LEVEL_CORE::INS_IsRDTSC (const INS ins)
BOOL LEVEL_CORE::INS_IsMaskMov (const INS ins)
REG LEVEL_CORE::INS_RepCountRegister (INS ins)
REG LEVEL_CORE::INS_SegmentRegPrefix (INS ins)
VOID LEVEL_CORE::PIN_SetSyntaxIntel ()
VOID LEVEL_CORE::PIN_SetSyntaxATT ()
VOID LEVEL_CORE::PIN_SetSyntaxXED ()
BOOL LEVEL_CORE::INS_SegPrefixIsMemoryRead (INS ins)
BOOL LEVEL_CORE::INS_SegPrefixIsMemoryWrite (INS ins)
BOOL LEVEL_CORE::INS_AddressSizePrefix (INS ins)
BOOL LEVEL_CORE::INS_BranchNotTakenPrefix (INS ins)
BOOL LEVEL_CORE::INS_BranchTakenPrefix (INS ins)
BOOL LEVEL_CORE::INS_LockPrefix (INS ins)
BOOL LEVEL_CORE::INS_OperandSizePrefix (INS ins)
BOOL LEVEL_CORE::INS_RepPrefix (INS ins)
BOOL LEVEL_CORE::INS_RepnePrefix (INS ins)
BOOL LEVEL_CORE::INS_SegmentPrefix (INS ins)
BOOL LEVEL_CORE::INS_IsXchg (INS ins)
BOOL LEVEL_CORE::INS_IsStringop (INS ins)
BOOL LEVEL_CORE::INS_IsIRet (INS ins)
BOOL LEVEL_CORE::INS_FullRegRContain (const INS ins, const REG reg)
BOOL LEVEL_CORE::INS_FullRegWContain (const INS ins, const REG reg)
ADDRDELTA LEVEL_CORE::INS_MemoryDisplacement (INS ins)
REG LEVEL_CORE::INS_MemoryBaseReg (INS ins)
REG LEVEL_CORE::INS_MemoryIndexReg (INS ins)
UINT32 LEVEL_CORE::INS_MemoryScale (INS ins)
BOOL LEVEL_CORE::INS_hasKnownMemorySize (INS ins)
BOOL LEVEL_CORE::INS_ChangeReg (const INS ins, const REG old_reg, const REG new_reg, const BOOL as_read)
UINT32 LEVEL_CORE::INS_OperandCount (INS ins)
UINT32 LEVEL_CORE::INS_OperandNameId (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandIsMemory (INS ins, UINT32 n)
REG LEVEL_CORE::INS_OperandMemoryBaseReg (INS ins, UINT32 n)
REG LEVEL_CORE::INS_OperandMemoryIndexReg (INS ins, UINT32 n)
REG LEVEL_CORE::INS_OperandMemorySegmentReg (INS ins, UINT32 n)
UINT32 LEVEL_CORE::INS_OperandMemoryScale (INS ins, UINT32 n)
ADDRDELTA LEVEL_CORE::INS_OperandMemoryDisplacement (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandIsFixedMemop (INS ins, UINT32 n)
VOID LEVEL_CORE::GetNumberAndSizeOfMemAccesses (INS ins, int *numAccesses, int *accessSize, int *indexSize)
BOOL LEVEL_CORE::INS_OperandIsBranchDisplacement (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandIsReg (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandIsSegmentReg (INS ins, UINT32 n)
REG LEVEL_CORE::INS_OperandReg (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandIsImmediate (INS ins, UINT32 n)
UINT64 LEVEL_CORE::INS_OperandImmediate (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandIsImplicit (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_RegIsImplicit (INS ins, REG reg)
UINT32 LEVEL_CORE::INS_OperandWidth (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandRead (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandWritten (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandReadOnly (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandWrittenOnly (INS ins, UINT32 n)
BOOL LEVEL_CORE::INS_OperandReadAndWritten (INS ins, UINT32 n)
UINT32 LEVEL_CORE::INS_MemoryOperandIndexToOperandIndex (INS ins, UINT32 memopIdx)

Detailed Description

Functions to examine IA-32 and Intel(R) 64 instructions.

Availability:
Mode: JIT & Probe
O/S: Linux & Windows
CPU: IA-32 and Intel(R) 64 architectures

Enumeration Type Documentation

Predicate abstraction for IA-32 and Intel(R) 64 instructions.

Enumerator:
PREDICATE_ALWAYS_TRUE 

Default predication on IA-32 and Intel(R) 64 architectures.

PREDICATE_BELOW 

Below (CF==1)

PREDICATE_BELOW_OR_EQUAL 

Below or Equal (CF==1 or ZF==1)

PREDICATE_LESS 

Less (SF!=OF)

PREDICATE_LESS_OR_EQUAL 

Less or Equal (ZF==1 or SF!=OF)

PREDICATE_NOT_BELOW 

Not Below (CF==0)

PREDICATE_NOT_BELOW_OR_EQUAL 

Above (CF==0 and ZF==0)

PREDICATE_NOT_LESS 

Greater or Equal (SF==OF)

PREDICATE_NOT_LESS_OR_EQUAL 

Greater (ZF==0 and SF==OF)

PREDICATE_NOT_OVERFLOW 

Not Overflow (OF==0)

PREDICATE_NOT_PARITY 

Not Parity (PF==0)

PREDICATE_NOT_SIGN 

Not Sign (SF==0)

PREDICATE_NOT_ZERO 

Not Zero (ZF==0)

PREDICATE_OVERFLOW 

Overflow (OF==1)

PREDICATE_PARITY 

Parity (PF==1)

PREDICATE_SIGN 

Sign (SF==1)

PREDICATE_ZERO 

Zero (ZF==1)

PREDICATE_CX_NON_ZERO 

CX != 0.

PREDICATE_ECX_NON_ZERO 

ECX != 0.

PREDICATE_RCX_NON_ZERO 

RCX != 0.

PREDICATE_SAVED_GCX_NON_ZERO 

(Internal) Use the saved value of one of the previous three tests


Function Documentation

BOOL LEVEL_CORE::INS_AddressSizePrefix ( INS  ins)
Returns:
true if the instruction has an address size prefix.
BOOL LEVEL_CORE::INS_BranchNotTakenPrefix ( INS  ins)
Returns:
true if the instruction has an branch not taken hint prefix
BOOL LEVEL_CORE::INS_BranchTakenPrefix ( INS  ins)
Returns:
true if the instruction has an branch taken hint prefix
BOOL LEVEL_CORE::INS_ChangeReg ( const INS  ins,
const REG  old_reg,
const REG  new_reg,
const BOOL  as_read 
)

Change all occurrences of old_reg to new_reg in the r/w sets of the ins. Return TRUE if at least one occurrence changed.

UINT32 LEVEL_CORE::INS_EffectiveAddressWidth ( INS  ins)
Returns:
the width of the effective address in bits
BOOL LEVEL_CORE::INS_FullRegRContain ( const INS  ins,
const REG  reg 
)
Returns:
true if ins uses reg as a read operand
BOOL LEVEL_CORE::INS_FullRegWContain ( const INS  ins,
const REG  reg 
)
Returns:
true if ins uses reg as a write operand
VOID LEVEL_CORE::INS_GetFarPointer ( INS  ins,
UINT16 &  segment_selector,
UINT32 &  displacement 
)
Returns:
the segment selector and displacement from a direct far jump.
BOOL LEVEL_CORE::INS_hasKnownMemorySize ( INS  ins)
Returns:
false if this instruction has a memory operand for which IARG_MEMORYREAD_SIZE or IARG_MEMORYWRITE_SIZE cannot be used (e.g. vectorized memory reference of the GATHER/SCATTER instructions).
BOOL LEVEL_CORE::INS_HasMemoryVector ( INS  ins)
Returns:
TRUE iff the ins has a memory vector, i.e. the memory is accessed using a base address and an index vector with a scale.
BOOL LEVEL_CORE::INS_HasRealRep ( INS  ins)
Returns:
whether the instruction has a real REP/REPZ/REPNZ prefix (i.e. one which is not just part of the opcode encoding but does cause the instruction to repeat).
BOOL LEVEL_CORE::INS_IsDirectFarJump ( INS  ins)
Returns:
true if the target address is a direct far jump
BOOL LEVEL_CORE::INS_IsFarCall ( INS  ins)
Returns:
true if ins is a Far Call instruction
BOOL LEVEL_CORE::INS_IsFarJump ( INS  ins)
Returns:
true if ins is a Far Jump instruction
BOOL LEVEL_CORE::INS_IsFarRet ( INS  ins)
Returns:
true if ins is a far ret instruction
BOOL LEVEL_CORE::INS_IsHalt ( INS  ins)
Returns:
true if the ins is a halt or reserved undefined (UD2) instruction.
BOOL LEVEL_CORE::INS_IsInterrupt ( INS  ins)

Return TRUE if the INS is an interrupt category instruction

BOOL LEVEL_CORE::INS_IsIRet ( INS  ins)

Returns true iff the given ins is an iret instruction.

Note:
See also INS_IsRet.
Returns:
true if the instruction is an iret.
BOOL LEVEL_CORE::INS_IsMaskMov ( const INS  ins)
Returns:
true if this instruction is a maskmovq or maskmovdqu.
BOOL LEVEL_CORE::INS_IsMov ( const INS  ins)

returns true if this instruction is a move.

BOOL LEVEL_CORE::INS_IsMovFullRegRegSame ( const INS  ins)

returns true if this instruction is a mov reg1, reg1. And reg1 is a full reg

BOOL LEVEL_CORE::INS_IsPcMaterialization ( INS  ins)
Returns:
true if this is a call to the next instruction, which is an idiom for materializing the instruction pointer
BOOL LEVEL_CORE::INS_IsRDTSC ( const INS  ins)
Returns:
true if this instruction is an rdtsc or rdtscp.
BOOL LEVEL_CORE::INS_IsStandardMemop ( INS  ins)
Returns:
false if this instruction has a memory operand which has unconventional meaning (e.g. vectorized memory reference of the GATHER/SCATTER instructions or some of the XSAVE instructions).
BOOL LEVEL_CORE::INS_IsStringop ( INS  ins)
Returns:
true if the instruction is a string op (can be REP prefixed).
BOOL LEVEL_CORE::INS_IsSub ( const INS  ins)

returns true if this instruction is a subtract.

BOOL LEVEL_CORE::INS_IsSysenter ( INS  ins)
Returns:
true if the instruction is a SysEnter
BOOL LEVEL_CORE::INS_IsVgather ( INS  ins)
Returns:
TRUE iff the ins is a VGATHER* instruction
BOOL LEVEL_CORE::INS_IsVscatter ( INS  ins)
Returns:
TRUE iff the ins is a VSCATTER* instruction
BOOL LEVEL_CORE::INS_IsXbegin ( INS  ins)
Returns:
true if the instruction is a Xbegin
BOOL LEVEL_CORE::INS_IsXchg ( INS  ins)
Returns:
true if the instruction is an "xchg"
BOOL LEVEL_CORE::INS_IsXend ( INS  ins)
Returns:
true if the instruction is a Xend
BOOL LEVEL_CORE::INS_LockPrefix ( INS  ins)
Returns:
true if the instruction has a lock prefix.
REG LEVEL_CORE::INS_MemoryBaseReg ( INS  ins)
Returns:
The base register used in the instruction's memory operand, or REG_INVALID() if there is no base register.
ADDRDELTA LEVEL_CORE::INS_MemoryDisplacement ( INS  ins)
Returns:
The memory displacement of an instrucation with memory operand.
Note:
: the displacement is a signed number.
REG LEVEL_CORE::INS_MemoryIndexReg ( INS  ins)
Returns:
The index register used in the instruction's memory operand, or REG_INVALID() if there is no index register.
UINT32 LEVEL_CORE::INS_MemoryOperandIndexToOperandIndex ( INS  ins,
UINT32  memopIdx 
)

Convert a memory operand index into a simple operand index.

Parameters:
[in]insThe instruction.
[in]memopIdxMemory operand's index in the range [0, n-1], where n is from INS_MemoryOperandCount().
Returns:
operand index
UINT32 LEVEL_CORE::INS_MemoryScale ( INS  ins)
Returns:
The scale factor (1,2,4,8) by which the index register in the instruction's memory operand is multiplied.
UINT32 LEVEL_CORE::INS_OperandCount ( INS  ins)

Tells the number of operands for the instruction. Several other APIs take an operand index as a parameter. Those APIs expect an index in the range [0, n-1], where n is the value returned by INS_OperandCount().

Parameters:
[in]insThe instruction.
Returns:
The number of operands for the instruction.
UINT64 LEVEL_CORE::INS_OperandImmediate ( INS  ins,
UINT32  n 
)

Although return type is UINT64, on 32-bit systems only the lower 32 bits are utilized. To see how to retrieve immediate values with correct width and sign information, see example in test tool PinTools/SimpleExamples/oper-imm.cpp.

Returns:
immediate value for operand
BOOL LEVEL_CORE::INS_OperandIsBranchDisplacement ( INS  ins,
UINT32  n 
)
Returns:
true if this operand is a displacement (e.g. branch offset)
BOOL LEVEL_CORE::INS_OperandIsFixedMemop ( INS  ins,
UINT32  n 
)
Returns:
TRUE if memory operand uses predefined base register and this register can not be changed Example: movs ds:(esi), es:(edi) There are two fixed operands
BOOL LEVEL_CORE::INS_OperandIsImmediate ( INS  ins,
UINT32  n 
)
Returns:
true if this operand is an immediate
BOOL LEVEL_CORE::INS_OperandIsImplicit ( INS  ins,
UINT32  n 
)
Returns:
true if this operand is implied by the opcode (e.g. the stack write in a push instruction)
BOOL LEVEL_CORE::INS_OperandIsMemory ( INS  ins,
UINT32  n 
)
Returns:
true if this operand is a memory reference

Note: this does not include LEA operands.

BOOL LEVEL_CORE::INS_OperandIsReg ( INS  ins,
UINT32  n 
)
Returns:
true if this operand is a register
BOOL LEVEL_CORE::INS_OperandIsSegmentReg ( INS  ins,
UINT32  n 
)
Returns:
true if this operand is a segment register
REG LEVEL_CORE::INS_OperandMemoryBaseReg ( INS  ins,
UINT32  n 
)
Returns:
register used as base register in memory operand, or REG_INVALID() Effective address = Displacement + BaseReg + IndexReg * Scale
ADDRDELTA LEVEL_CORE::INS_OperandMemoryDisplacement ( INS  ins,
UINT32  n 
)
Returns:
The memory displacement of an instrucation with memory operand.
Note:
the displacement is a signed number. Effective address = Displacement + BaseReg + IndexReg * Scale
REG LEVEL_CORE::INS_OperandMemoryIndexReg ( INS  ins,
UINT32  n 
)
Returns:
register used as index register in memory operand, or REG_INVALID() Effective address = Displacement + BaseReg + IndexReg * Scale
UINT32 LEVEL_CORE::INS_OperandMemoryScale ( INS  ins,
UINT32  n 
)
Returns:
scale used for addressing in memory operand. Effective address = Displacement + BaseReg + IndexReg * Scale
REG LEVEL_CORE::INS_OperandMemorySegmentReg ( INS  ins,
UINT32  n 
)
Returns:
register used as segment register in memory operand, or REG_INVALID()
BOOL LEVEL_CORE::INS_OperandRead ( INS  ins,
UINT32  n 
)

Tells if an instruction operand is a source; it may also be a destination.

Parameters:
[in]insThe instruction.
[in]nOperand's index in the range [0, n-1], where n is from INS_OperandCount().
Returns:
TRUE if the operand is a source.
BOOL LEVEL_CORE::INS_OperandReadAndWritten ( INS  ins,
UINT32  n 
)

Tells if an instruction operand is both a source and a destination.

Parameters:
[in]insThe instruction.
[in]nOperand's index in the range [0, n-1], where n is from INS_OperandCount().
Returns:
TRUE if the operand is both a source and a destination.
BOOL LEVEL_CORE::INS_OperandReadOnly ( INS  ins,
UINT32  n 
)

Tells if an instruction operand is just a source (and not a destination).

Parameters:
[in]insThe instruction.
[in]nOperand's index in the range [0, n-1], where n is from INS_OperandCount().
Returns:
TRUE if the operand is just a source.
REG LEVEL_CORE::INS_OperandReg ( INS  ins,
UINT32  n 
)
Returns:
register name for this operand, may return REG_INVALID()
BOOL LEVEL_CORE::INS_OperandSizePrefix ( INS  ins)
Returns:
true if the instruction has an operand size prefix.
UINT32 LEVEL_CORE::INS_OperandWidth ( INS  ins,
UINT32  n 
)
Returns:
operand width in bits.
BOOL LEVEL_CORE::INS_OperandWritten ( INS  ins,
UINT32  n 
)

Tells if an instruction operand is a destination; it may also be a source.

Parameters:
[in]insThe instruction.
[in]nOperand's index in the range [0, n-1], where n is from INS_OperandCount().
Returns:
TRUE if the operand is a destination.
BOOL LEVEL_CORE::INS_OperandWrittenOnly ( INS  ins,
UINT32  n 
)

Tells if an instruction operand is just a destination (and not a source).

Parameters:
[in]insThe instruction.
[in]nOperand's index in the range [0, n-1], where n is from INS_OperandCount().
Returns:
TRUE if the operand is just a destination.
BOOL LEVEL_CORE::INS_RegIsImplicit ( INS  ins,
REG  reg 
)

Assumes that reg is a PIN register

Returns:
true if the ins has
REG LEVEL_CORE::INS_RepCountRegister ( INS  ins)
Returns:
register used as the repeat counter by this REP prefixed instruction, or REG_INVALID() if the instruction does not have a real REP prefix.
BOOL LEVEL_CORE::INS_RepnePrefix ( INS  ins)
Returns:
true if the instruction has an REPNE (0xF2) prefix.
BOOL LEVEL_CORE::INS_RepPrefix ( INS  ins)
Returns:
true if the instruction has an REP (0xF3) prefix.
BOOL LEVEL_CORE::INS_SegmentPrefix ( INS  ins)
Returns:
true if the instruction has a segment prefix; Call INS_SegmentRegPrefix() to get the actual prefix register name.
REG LEVEL_CORE::INS_SegmentRegPrefix ( INS  ins)
Returns:
Segment overide prefix used by INS
BOOL LEVEL_CORE::INS_SegPrefixIsMemoryRead ( INS  ins)
Returns:
true if this Seg prefixed instruction reads memory
BOOL LEVEL_CORE::INS_SegPrefixIsMemoryWrite ( INS  ins)
Returns:
true if this Seg prefixed instruction writes to memory
VOID LEVEL_CORE::PIN_SetSyntaxATT ( )

Sets the disassembly syntax to ATT SYSV format. (Destination on the right)

VOID LEVEL_CORE::PIN_SetSyntaxIntel ( )

Sets the disassembly syntax to Intel format. (Destination on the left)

VOID LEVEL_CORE::PIN_SetSyntaxXED ( )

Sets the disassembly syntax to Intel(R) X86 Encoder Decoder detailed format which lists all resources read and written.

 All Classes Namespaces Functions Variables Typedefs Enumerations Enumerator