How should I organize header files (.h) in order to compile and build DisassembleSimple.c in Visual Studio 2019

[Victor6799]

I'm trying to compile and build the example file called Disassemble.c its located from the following URL:

zydis/examples/DisassembleSimple.c

Lines 38 to 63 in 214536a

	ZyanU8 data[] =
	{
	0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,
	0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,
	0x88, 0xFC, 0xDA, 0x02, 0x00
	};
	// The runtime address (instruction pointer) was chosen arbitrarily here in order to better
	// visualize relative addressing. In your actual program, set this to e.g. the memory address
	// that the code being disassembled was read from.
	ZyanU64 runtime_address = 0x007FFFFFFF400000;
	// Loop over the instructions in our buffer.
	ZyanUSize offset = 0;
	ZydisDisassembledInstruction instruction;
	while (ZYAN_SUCCESS(ZydisDisassembleIntel(
	/* machine_mode: */ ZYDIS_MACHINE_MODE_LONG_64,
	/* runtime_address: */ runtime_address,
	/* buffer: */ data + offset,
	/* length: */ sizeof(data) - offset,
	/* instruction: */ &instruction
	))) {
	printf("%016" PRIX64 " %s\n", runtime_address, instruction.text);
	offset += instruction.info.length;
	runtime_address += instruction.info.length;
	}

I'm using Visual Studio 2019 Community on Windows 8.1.

But I'm getting the following error:

Error (active) E0020 identifier "ZydisDisassembledInstruction" is undefined ConsoleApp1

I just need some documentation on how to install Zydis with all headers as I do know how to add the include directories to VS 2019.

[mappzor]

If you just want to compile examples it's best to use provided VS2022 projects or generate VS2019/VS2022 projects with CMake.

To use Zydis in your own projects, you will need to include Zydis and Zycore paths for headers:

zydis\dependencies\zycore\include
zydis\include

Library path will depend on your build method (msvc projects vs CMake). If you are using static library don't forget to define ZYDIS_STATIC_BUILD in Properties -> C/C++ -> Preprocessor ->Preprocessor Definitions.

[Victor6799]

@mappzor thanks. Just another question please. If I want to decode (dissemble) binary data (1-15) bytes at a time do I not need to statically link the zydis.lib and/or Zycore.lib with my project and include the header (*.h) for the exported functions that I'm referencing in my project ? Thanks again.

[mappzor]

Zydis is not a header-only library. You will need to link with zydis.lib, doesn't matter if you want to achieve dynamic or static linking.

[Victor6799]

@mappzor can you tell me firstly how to properly download the repository for Zydis ? Should I use Git-Bash or just download the zip file from the website ? I would like to compile and build all examples. I've tried both using Git and downloading the zip file but when I try building the SLN for Zydis and ZyCore I get compile errors such as *.h and *.c project (both) files cannot be found. Second thing that I would like to do is to build the Zydis.lib so I can link it in with my kernel mode project. How can I accomplish this second request ? I'm using Visual Studio 2022 Community for building Zydis.sln.

[mappzor]

DO NOT download the zip file because it doesn't contain Zycore (git submodules don't work well with Github's releases, nothing can be done about this). You need to perform recursive clone as suggested in readme git clone --recursive 'https://github.com/zyantific/zydis.git'. This will download Zycore into dependencies folder.

If you want kernel sample (ZydisWinKernel) you should use provided solution file from msvc folder. CMake won't do the job here. Keep in mind those project files are for VS2022 only.

[Victor6799]

@mappzor thank you again. Just wanted to share that I was able to compile the solution for Visual Studio 2022 successfully thank you. Also I was able to successfully link the Zydis.lib file in my kernel mode project without any problems except for one hitch. In the Defines.h file I had to make the following change in order for the linking to work successfully:

define ZYDIS_EXPORT ZYAN_DLLIMPORT (old)
define ZYDIS_EXPORT ZYAN_DLLIMPORT extern "C" (new)

The reason I believe this change was necessary was because my file (in my project where I was calling ZydisDisassembleIntel(...)) had the extension cpp and was likely being mangled by the compiler/linker. So I made the above change, Please let me know if this was a good decision.

[mappzor]

Please let me know if this was a good decision.

No, it's a sign of a linking issue.

Zydis wraps its declarations with a conditional extern "C", so inclusion from C++ code is not an issue under normal circumstances. Also in the worst case you want to do something like this instead of manually modifying your dependencies.

[Victor6799]

@mappzor many thanks for being patient. I finally got my project to compile and link successfully. However I tried the recommended solution from the link you provided and still was getting the linking error. Here is what I did I declared the exported function in my .h file as follows:

ZYDIS_EXPORT extern "C" ZyanStatus ZydisDisassembleIntel(ZydisMachineMode machine_mode,
    ZyanU64 runtime_address, const void* buffer, ZyanUSize length,
    ZydisDisassembledInstruction* instruction);

Please keep in mind that without the extern "C" I still would get the linking error. I also tried defining the macro __cplusplus in my Project Properties but still would get same linking error. I'm not sure whether this is correct or not. Please feel free to comment. Thanks again.

[mappzor]

As I said, it's far from correct. Zydis already does extern "C" when __cplusplus is defined. It's a linking issue on your end. Make sure you are using the correct Zydis build. You probably want static build, so make sure ZYDIS_STATIC_BUILD is correctly defined in your project and that Zydis is actually built as static.

[Victor6799]

@mappzor thank you. So this is where I'm at now. I declared the following function (see below) in my .h file and statically linked Zydis.lib file and the project now links successfully. Is this the correct way to do it ? I did not make any changes to any of the .h Zydis files.

ZyanStatus ZydisDisassembleIntel(ZydisMachineMode machine_mode, ZyanU64 runtime_address, const void* buffer, ZyanUSize length, ZydisDisassembledInstruction* instruction);

[mappzor]

In a proper setup #include <Zydis/Zydis.h> is all that is required.

[Victor6799]

@mappzor thank you again. Its working exactly as you stated. All that was needed was the inclusion of the Zydis.h header file and the inclusion of the ZYDIS_STATIC_BUILD preprocessor definition and the linking of the Zydis.lib library. REALLY good job on this project. Job well done!