Opcodes - Database of CPU Opcodes

  •        1

This project is a spin-off from PeachPy assembler. This work is a research project at the HPC Garage lab in the Georgia Institute of Technology, College of Computing, School of Computational Science and Engineering.




Related Projects

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in a sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python and Rust. The Primus Framework also provide a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government, see sponsors for more information.

Udis86 Disassembler for x86 and x86-64

  •    C

Udis86 is an easy-to-use minimalistic disassembler library for the x86 and x86-64 instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

Triton - Triton is a Dynamic Binary Analysis (DBA) framework

  •    C++

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please, don't blame us if it is not yet reliable. Open issues or pull requests are always better than troll =).

x86doc - HTML representation of the Intel x86 instructions documentation.

  •    Python

I needed a parsable copy of Intel's x86 instruction set documentation for a personal project, so I downloaded volumes 2A and 2B of the Intel® 64 and IA-32 Architectures Software Developer's Manual (which can be found here and here, respectively), and used a online PDF-to-HTML tool to transform them to HTML files. Unfortunately, the result was beyond terrible and absolutely unusable. They say that you're never better served than by yourself, so I took the matter into my own, pdfminer-gloved hands to extract HTML pages straight from the documentation PDF themselves.

stoke - STOKE: A stochastic superoptimizer and program synthesizer

  •    C++

STOKE is a stochastic optimizer and program synthesizer for the x86-64 instruction set. STOKE uses random search to explore the extremely high-dimensional space of all possible program transformations. Although any one random transformation is unlikely to produce a code sequence that is desirable, the repeated application of millions of transformations is sufficient to produce novel and non-obvious code sequences. STOKE can be used in many different scenarios, such as optimizing code for performance or size, synthesizing an implementation from scratch or to trade accuracy of floating point computations for performance. As a superoptimizer, STOKE has been shown to outperform the code produced by general-purpose and domain-specific compilers, and in some cases expert hand-written code. In addition to searching over programs, STOKE contains verification infrastructure to show the equivalence between x86-64 programs. STOKE can consider test-cases, perform bounded verification all the way to fully formal verification that shows the equivalence for all possible inputs.

shellcodeexec - Script to execute in memory a sequence of opcodes

  •    C

Most of the shellcode launchers out there, including proof of concepts part of many "security" books, detail how to allocate a memory page as readable/writable/executable on POSIX systems, copy over your shellcode and execute it. This works just fine. However, it is limited to POSIX, does not necessarily consider 64-bit architecture and Windows systems. shellcodeexec is an open source script to execute in memory a sequence of opcodes.

rust-crypto - A (mostly) pure-Rust implementation of various cryptographic algorithms.

  •    Rust

A (mostly) pure-Rust implementation of various common cryptographic algorithms. Rust-Crypto seeks to create practical, auditable, pure-Rust implementations of common cryptographic algorithms with a minimum amount of assembly code where appropriate. The x86-64, x86, and ARM architectures are supported, although the x86-64 architecture receives the most testing.

trapcc - Computing with traps

  •    C

This is a proof by construction that the Intel MMU's fault handling mechanism is Turing complete. We have constructed an assembler that translates 'Move, Branch if Zero, Decrement' instructions to C source that sets up various processor control tables. After this code has executed, the CPU computes by attempting to fault without ever executing a single instruction. Optionally, the assembler can also generate X86 instructions that will display variables in the VGA frame buffer and will cause control to be transferred between the native (display) instructions and 'weird machine' trap instructions. To read up on the awesome idea of weird machines and their uses, see @sergeybratus's and @halvarflake's work. In short, we are trying to find hidden state and derive computation of it in unexpected places. One practical use of this technique is for code obfuscation - many (kernel) debuggers will break due to the frequent context switches (esp. cooperative debuggers like KGDB) and analyzing the binary is going to be extraordinaly confusing, especially if normal X86 instructions and trap instructions are interleaved to do weird control transfer. Furthermore, out of the many virtual machines only Bochs runs such trap based programs correctly (and there are other tricks to distinguish bochs from a real box).

zydis - Fast and lightweight x86/x86-64 disassembler library

  •    C

Fast and lightweight x86/x86-64 disassembler library. The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

x64asm - x86-64 assembler library

  •    C++

Simplicity: x64 asm does NOT include a register allocator, instruction scheduler, control flow graph builder, or any of the features you would expect of a full compiler. It is a low-level library for building YOUR optimizing compiler. Completeness: x64asm supports the entire ring 3 application level subset of the x86_64 instruction set, including the most recent AVX2/BMI1/BMI2/FMA extensions.

x86/x86-64 assembler/jitter written in C#


The project goal is to develop a library for generating machine code irrelatively to machine architecture. Assembler-like C# API is a bonus.

cemu - Cheap EMUlator: lightweight multi-architecture assembly playground

  •    Python

Writing assembly is fun. Assembly is the lowest language (humanly understandable) available to communicate with computers, and is crucial to understand the internal mechanisms of any machine. Unfortunately, setting up an environment to write, compile and run assembly for various architectures (x86, ARM, MIPS, SPARC) has always been painful. CEmu is an attempt to fix this by providing a bundled GUI application that empowers users to write assembly and test it by compiling it to bytecode and executing it in an QEMU-based emulator. CEmu combines all the advantages of a basic assembly IDE, compilation and execution environment, by relying on the great libraries Keystone, Unicorn and Capstone engines in a Qt powered GUI.

minilisp - A readable lisp in less than 1k lines of C

  •    C

All those in 1000 lines of C. I didn't sacrifice readability for size. The code is in my opinion heavily commented to help the reader understand how all these features work. MiniLisp has been tested on Linux x86/x86-64 and 64 bit Mac OS. The code is not very architecture dependent, so you should be able to compile and run on other Unix-like operating systems.

Software x86 CPU emulator library

  •    C

Softx86 is a library that provides software emulation of an Intel 80x86 CPU. The library takes care of executing opcodes and handling exceptions while the host application is responsible for providing simulated RAM, I/O devices, external signals.

zyan-disassembler-engine - Fast and lightweight x86/x86-64 disassembler library.

  •    C++

Fast and lightweight x86/x86-64 disassembler library.

udis86 - Disassembler Library for x86 and x86-64

  •    C

Disassembler Library for x86 and x86-64

xbyak - a JIT assembler for x86(IA-32)/x64(AMD64, x86-64) MMX/SSE/SSE2/SSE3/SSSE3/SSE4/FPU/AVX/AVX2/AVX-512 by C++ header

  •    C++

This is a header file which enables dynamically to assemble x86(IA32), x64(AMD64, x86-64) mnemonic. header file only you can use Xbyak's functions at once if xbyak.h is included.

idaref - IDA Pro Instruction Reference Plugin

  •    PLpgSQL

IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful. Enter IdaRef: The plugin will monitor the location for your cursor (ScreenEA) and display the full documentation of the instruction. At the moment it only supports x86-64, ARM and MIPS 32bit, however adding support for other architectures is relatively easy.

libjpeg-turbo - Main libjpeg-turbo repository

  •    C

libjpeg-turbo is a JPEG image codec that uses SIMD instructions (MMX, SSE2, NEON, AltiVec) to accelerate baseline JPEG compression and decompression on x86, x86-64, ARM, and PowerPC systems. On such systems, libjpeg-turbo is generally 2-6x as fast as libjpeg, all else being equal. On other types of systems, libjpeg-turbo can still outperform libjpeg by a significant amount, by virtue of its highly-optimized Huffman coding routines. In many cases, the performance of libjpeg-turbo rivals that of proprietary high-speed JPEG codecs.libjpeg-turbo implements both the traditional libjpeg API as well as the less powerful but more straightforward TurboJPEG API. libjpeg-turbo also features colorspace extensions that allow it to compress from/decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.), as well as a full-featured Java interface.

wePWNise - WePWNise generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software

  •    Python

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies (SRPs) and EMET mitigations and dynamically identifies safe binaries to inject payloads into. wePWNise integrates with existing exploitation frameworks (e.g. Metasploit, Cobalt Strike) and it also accepts any custom payload in raw format. wePWNise requires both 32 and 64 bit raw payloads in order to be able to deliver the appropriate type when it lands on an unknown target. However, if only an x86 architecture is targeted, a dummy 64 bit payload must be provided to replace the missing code.