BDDISASM v3.0.0 - multiple improvements

* Implemented support for minimal decoding: integrators can choose to use the new API which returns a smaller structure (64-bytes); instruction metadata can be retrieved using new API functions
* Improved decoding performance by performing instruction validity checks during decode tree lookup
* Multiple improvements & fixes around APX & REX2 instructions
* Re-worked the ISA generator library

Author: vlutas

CHANGELOG.md

@@ -5,6 +5,24 @@ All notable (user-facing) changes to this project will be documented in this fil
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 
+## [3.0.0] - 2025-07-14
+
+### Added
+- Support for minimal decoding - the new minimal decode APIs `NdDecodeMini`, `NdDecodeWithContextMini` decode an instruction and provide only the core information in a new `INSTRUX_MINI` structure, which is only 64-bytes in size.
+- Operands are not provided by default in an `INSTRUX_MINI` - in order to decode an operand, the integrator must use `NdGetOperandMini`, which will output a `ND_OPERAND`, which is identical to the legacy format.
+- Metadata is not provided by default in an `INSTRUX_MINI` - in order to access metadata such as instruction set, valid prefixes, CPUID info, etc., new API is provided in `bdx86_api_mini.h`.
+- All the fields from the legacy `INSTRUX` are either already present inside `INSTRUX_MINI`, or accessible via the API.
+- The legacy API continues to function without any change needed.
+
+### Fixed
+- Allow `REX2` prefix with `MPX` instruction, and ignore `R4` and `B4` fields.
+- Fixed `EVEX.U` handling.
+
+### Changed
+- The following instructions are no longer supported: `JMPE Ev`, `JMPE Jz`.
+- Improved decoding performance by moving validty checks during the decode tree walk - this way, checks are only performed for those instructions that need them.
+
+
 ## [2.3.0] - 2024-11-07
 
 ### Added

CMakeLists.txt

@@ -2,6 +2,7 @@ cmake_minimum_required(VERSION 3.16)
 
 option(BDD_INCLUDE_TOOL "Include the disasmtool executable" ON)
 option(BDD_INCLUDE_ISAGENERATOR_X86 "Include the x86 isagenerator target (if a python interpreter is found)" ON)
+option(BDD_INCLUDE_TESTS "Include decoder & emulator tests" OFF)
 option(BDD_INCLUDE_FUZZERS "Include the bdshemu fuzzer" OFF)
 option(BDD_USE_EXTERNAL_VSNPRINTF "Expect nd_vsnprintf_s implementation from the integrator" OFF)
 option(BDD_USE_EXTERNAL_MEMSET "Expect nd_memset implementation from the integrator" OFF)
@@ -113,12 +114,17 @@ add_library(
     bddisasm/bdx86_decoder.c
     bddisasm/bdx86_formatter.c
     bddisasm/bdx86_helpers.c
+    bddisasm/bdx86_idbe.c
+    bddisasm/bdx86_operand.c
     # Add the headers so they will show up in IDEs.
     bddisasm/include/bddisasm_crt.h
     bddisasm/include/bdx86_instructions.h
     bddisasm/include/bdx86_mnemonics.h
+    bddisasm/include/bdx86_modrm.h
     bddisasm/include/bdx86_prefixes.h
+    bddisasm/include/bdx86_rex2.h
     bddisasm/include/bdx86_tabledefs.h
+    bddisasm/include/bdx86_operand.h
     bddisasm/include/bdx86_table_evex.h
     bddisasm/include/bdx86_table_root.h
     bddisasm/include/bdx86_table_vex.h

README.md

@@ -191,6 +191,19 @@ Note that by default, the default vendor `ND_VEND_ANY` is used for decoding (whi
 
 Converting decoded instructions to textual disassembly must be done using the `NdToText` API. bddisasm only supports Intel, masm-style syntax.
 
+### Minimal Decoding API
+
+The default (legacy) decoding API provides a large `INSTRUX` structure (around 480-bytes long) which contains all the possible information about the instruction, including all of the operands. When faster decoder performance and/or smaller `INSTRUX` is needed, the minimal decode API can be used:
+
+- `NDSTATUS NdDecodeMini(INSTRUX_MINI *Instrux, const uint8_t *Code, size_t Size, uint8_t DefCode)`
+- `NDSTATUS NdDecodeWithContextMini(INSTRUX_MINI *Instrux, const uint8_t *Code, size_t Size, ND_CONTEXT *Context);`
+
+The `INSTRUX_MINI` is only 64-bytes long, and provides all the core instruction information, except for the operands and metadata. If needed, operands can be accessed via the following new API:
+
+- `NDSTATUS NdGetOperandMini(const INSTRUX_MINI *Instrux, ND_UINT8 Index, ND_OPERAND *Operand);` - decodes instruction operand at index `Index`
+
+Each type of metadata can also be retrieved from an `INSTRUX_MINI` using API. For example, in order to retrieve the stack access type, `NdGetStackAccessMini` API can be used; to retrieve the valid modes, `NdGetValidModesMini` can be used, etc. Consult `bdx86_api_mini.h` for a list of all available APIs.
+
 ### Example
 
 Working with bddisasm is very easy. Decoding and printing the disassembly of an instruction is quick & simple:
@@ -307,6 +320,34 @@ Working with the extended API is also trivial:
     ...
 ```
 
+Working with the minimal decoder is equally simple:
+
+```c
+    INSTRUX_MINI ix;
+    ND_CONTEXT ctx;
+    ND_OPERAND op;
+    char text[ND_MIN_BUF_SIZE];
+    uint8_t code[] = { 0x48, 0x8B, 0x48, 0x28 };
+
+    // This has to be done only once. The same context can be used by both the legacy and mini API!
+    NdInitContext(&ctx);
+
+    ctx.DefCode = ND_CODE_64;
+    ctx.DefData = ND_DATA_64;
+    ctx.DefStack = ND_STACK_64;
+    ctx.VendMode = ND_VEND_ANY;
+    ctx.FeatMode = ND_FEAT_ALL; // Use ND_FEAT_NONE, if you wish to see NOPs instead of MPX/CET/CLDEMOTE instructions.
+
+    // From here one, the ctx can be reused for any number of NdDecodeWithContextMini calls.
+    NDSTATUS status = NdDecodeWithContextMini(&ix, code, sizeof(code), &ctx);
+    ...
+    // Getting the first operand.
+    status = NdGetOperandMini(&ix, 0, &op);
+    ...
+    // Formatting the instruction.
+    status = NdToTextMini(&ix, 0, sizeof(text), text);
+    ...
+```
 ## Credits
 
-The entire Bitdefender HVI team.
+The entire Bitdefender HVI team.

bddisasm/Makefile

@@ -1,6 +1,6 @@
 .PHONY: clean
 
-SRC_FILES := bddisasm_crt.c bdx86_decoder.c bdx86_formatter.c bdx86_helpers.c
+SRC_FILES := bddisasm_crt.c bdx86_decoder.c bdx86_formatter.c bdx86_helpers.c bdx86_operand.c bdx86_idbe.c
 
 OBJECTS := $(SRC_FILES:.c=.o)
 

bddisasm/bddisasm.vcxproj

@@ -513,6 +513,7 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <ProgramDataBaseFileName>$(SolutionDir)bin\$(Platform)\$(Configuration)\$(ProjectName).pdb</ProgramDataBaseFileName>
       <CompileAs>Default</CompileAs>
+      <EnableEnhancedInstructionSet>NotSet</EnableEnhancedInstructionSet>
     </ClCompile>
     <ProjectReference>
       <LinkLibraryDependencies>false</LinkLibraryDependencies>
@@ -665,8 +666,12 @@
       <ForcedIncludeFiles Condition="'$(Configuration)|$(Platform)'=='ReleaseKernel|ARM64'">
       </ForcedIncludeFiles>
     </ClCompile>
+    <ClCompile Include="bdx86_idbe.c" />
+    <ClCompile Include="bdx86_operand.c" />
   </ItemGroup>
   <ItemGroup>
+    <ClInclude Include="..\inc\bdx86_api_legacy.h" />
+    <ClInclude Include="..\inc\bdx86_api_mini.h" />
     <ClInclude Include="..\inc\bdx86_core.h" />
     <ClInclude Include="..\inc\bdx86_constants.h" />
     <ClInclude Include="..\inc\bdx86_cpuidflags.h" />
@@ -678,7 +683,10 @@
     <ClInclude Include="include\bdx86_instructions.h" />
     <ClInclude Include="include\bdx86_mnemonics.h" />
     <ClInclude Include="include\bddisasm_crt.h" />
+    <ClInclude Include="include\bdx86_modrm.h" />
+    <ClInclude Include="include\bdx86_operand.h" />
     <ClInclude Include="include\bdx86_prefixes.h" />
+    <ClInclude Include="include\bdx86_rex2.h" />
     <ClInclude Include="include\bdx86_tabledefs.h" />
     <ClInclude Include="include\bdx86_table_evex.h" />
     <ClInclude Include="include\bdx86_table_root.h" />

bddisasm/bddisasm.vcxproj.filters

@@ -34,6 +34,18 @@
     <Filter Include="Header Files\private\x86\tables">
       <UniqueIdentifier>{b9961460-d06f-4288-9708-44ca965c4a0d}</UniqueIdentifier>
     </Filter>
+    <Filter Include="Header Files\private\x86\idb">
+      <UniqueIdentifier>{1afeef2f-6b37-4b08-b321-4789ced61bb8}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Header Files\public\x86\api">
+      <UniqueIdentifier>{a32fb32a-5ab0-45b4-8262-1791007e2445}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Header Files\public\x86\defs">
+      <UniqueIdentifier>{cffff9de-0123-42c2-b693-7aee2456a39a}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Header Files\private\x86\opclut">
+      <UniqueIdentifier>{71d053b5-37c1-4ca8-bc98-3b4a89e7cef4}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="bddisasm_crt.c">
@@ -48,23 +60,20 @@
     <ClCompile Include="bdx86_helpers.c">
       <Filter>Source Files\x86</Filter>
     </ClCompile>
+    <ClCompile Include="bdx86_idbe.c">
+      <Filter>Source Files\x86</Filter>
+    </ClCompile>
+    <ClCompile Include="bdx86_operand.c">
+      <Filter>Source Files\x86</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\inc\bddisasm_version.h">
       <Filter>Header Files\public</Filter>
     </ClInclude>
-    <ClInclude Include="..\inc\bdx86_constants.h">
-      <Filter>Header Files\public\x86</Filter>
-    </ClInclude>
-    <ClInclude Include="..\inc\bdx86_cpuidflags.h">
-      <Filter>Header Files\public\x86</Filter>
-    </ClInclude>
     <ClInclude Include="..\inc\bddisasm_types.h">
       <Filter>Header Files\public</Filter>
     </ClInclude>
-    <ClInclude Include="..\inc\bdx86_registers.h">
-      <Filter>Header Files\public\x86</Filter>
-    </ClInclude>
     <ClInclude Include="..\inc\bddisasm_status.h">
       <Filter>Header Files\public</Filter>
     </ClInclude>
@@ -74,15 +83,6 @@
     <ClInclude Include="..\inc\bdx86_core.h">
       <Filter>Header Files\public\x86</Filter>
     </ClInclude>
-    <ClInclude Include="include\bdx86_instructions.h">
-      <Filter>Header Files\private\x86</Filter>
-    </ClInclude>
-    <ClInclude Include="include\bdx86_mnemonics.h">
-      <Filter>Header Files\private\x86</Filter>
-    </ClInclude>
-    <ClInclude Include="include\bdx86_prefixes.h">
-      <Filter>Header Files\private\x86</Filter>
-    </ClInclude>
     <ClInclude Include="include\bdx86_tabledefs.h">
       <Filter>Header Files\private\x86</Filter>
     </ClInclude>
@@ -101,5 +101,38 @@
     <ClInclude Include="include\bdx86_table_xop.h">
       <Filter>Header Files\private\x86\tables</Filter>
     </ClInclude>
+    <ClInclude Include="include\bdx86_operand.h">
+      <Filter>Header Files\private\x86</Filter>
+    </ClInclude>
+    <ClInclude Include="include\bdx86_instructions.h">
+      <Filter>Header Files\private\x86\idb</Filter>
+    </ClInclude>
+    <ClInclude Include="include\bdx86_mnemonics.h">
+      <Filter>Header Files\private\x86\idb</Filter>
+    </ClInclude>
+    <ClInclude Include="include\bdx86_modrm.h">
+      <Filter>Header Files\private\x86\opclut</Filter>
+    </ClInclude>
+    <ClInclude Include="include\bdx86_prefixes.h">
+      <Filter>Header Files\private\x86\opclut</Filter>
+    </ClInclude>
+    <ClInclude Include="include\bdx86_rex2.h">
+      <Filter>Header Files\private\x86\opclut</Filter>
+    </ClInclude>
+    <ClInclude Include="..\inc\bdx86_api_legacy.h">
+      <Filter>Header Files\public\x86\api</Filter>
+    </ClInclude>
+    <ClInclude Include="..\inc\bdx86_api_mini.h">
+      <Filter>Header Files\public\x86\api</Filter>
+    </ClInclude>
+    <ClInclude Include="..\inc\bdx86_constants.h">
+      <Filter>Header Files\public\x86\defs</Filter>
+    </ClInclude>
+    <ClInclude Include="..\inc\bdx86_cpuidflags.h">
+      <Filter>Header Files\public\x86\defs</Filter>
+    </ClInclude>
+    <ClInclude Include="..\inc\bdx86_registers.h">
+      <Filter>Header Files\public\x86\defs</Filter>
+    </ClInclude>
   </ItemGroup>
 </Project>

bddisasm/bddisasm_crt.c

@@ -12,7 +12,7 @@ nd_strcat_s(
     char *dst,
     ND_SIZET dst_size,
     const char *src
-    )
+)
 {
     char *p;
     ND_SIZET available;