This is a small project that shows how to use Zydis. It loads a PE file from disk, scans for byte patterns, and then disassembles instructions around the matches.
- Reads a PE file (like a .sys or .exe) from disk
- Finds bytes with a simple pattern scan
- Uses Zydis to decode + format x64 instructions
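The pattern-scan step, as an added sketch that is not the repository's own code. The `??` wildcard syntax, the names `ParsePattern`, `ScanAll` and `kWildcard`, and the sample bytes are assumptions made for this example; it goes slightly beyond a plain byte compare by supporting wildcards, and the offsets it returns are where decoding would start.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

constexpr int kWildcard = -1;  // pattern element that matches any byte

// Parse "48 8B ?? C3" into byte values (0..255) or kWildcard.
// Returns an empty vector if any token is malformed.
std::vector<int> ParsePattern(const std::string& text) {
    std::vector<int> out;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "??") { out.push_back(kWildcard); continue; }
        if (tok.size() != 2 ||
            tok.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos)
            return {};
        out.push_back(static_cast<int>(std::stoul(tok, nullptr, 16)));
    }
    return out;
}

// Return every offset in data where the whole pattern fits and matches.
std::vector<std::size_t> ScanAll(const std::vector<std::uint8_t>& data,
                                 const std::vector<int>& pat) {
    std::vector<std::size_t> hits;
    if (pat.empty() || pat.size() > data.size()) return hits;
    for (std::size_t i = 0; i + pat.size() <= data.size(); ++i) {
        std::size_t j = 0;
        while (j < pat.size() && (pat[j] == kWildcard || pat[j] == data[i + j])) ++j;
        if (j == pat.size()) hits.push_back(i);
    }
    return hits;
}

// Constructed sample: two "mov rax, [rip+disp32]; ret" sequences with
// different displacements, then a truncated copy at the end of the buffer.
const std::vector<std::uint8_t> kSample = {
    0x90, 0x48, 0x8B, 0x05, 0x10, 0x00, 0x00, 0x00, 0xC3, 0xCC,
    0x48, 0x8B, 0x05, 0x20, 0x01, 0x00, 0x00, 0xC3, 0x48, 0x8B};

int main() {
    for (std::size_t off : ScanAll(kSample, ParsePattern("48 8B 05 ?? ?? ?? ?? C3")))
        std::printf("match at offset 0x%zx\n", off);
    return 0;
}
```

The bounds check in the loop keeps the truncated sequence at the end of the buffer from being read past, which matters when scanning raw file bytes.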
This project is set up to use vcpkg through MSBuild. It will look for vcpkg in:
- VCPKG_ROOT (environment variable), or
- C:\vcpkg (fallback)
- Install vcpkg (once):
    git clone https://github.com/microsoft/vcpkg
    cd vcpkg
    .\bootstrap-vcpkg.bat
- Install Zydis (x64, static, MSVC runtime MD):
    .\vcpkg install zydis:x64-windows-static-md
- Integrate vcpkg with Visual Studio (recommended):
    .\vcpkg integrate install

If you don’t want global integration, you can also pass the toolchain file to CMake builds. (This repo is a Visual Studio solution though.)
- Open ZydisExample.sln
- Select Release + x64
- Build
By default the sample tries to load a specific file path. If it can’t find your file, just change the path in ZydisExample/main.cpp and run again.
Credits to @dword64, whose work inspired the base of this project.