public void TestDisassemble()
{
// Create X86 Disassembler.
//
// Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically
// when it is no longer needed.
using (var disassembler = CapstoneDisassembler.CreateArm64Disassembler(DisassembleMode.Arm32)) {
Assert.IsNotNull(disassembler);
// Enable Disassemble Details.
//
// Enables disassemble details, which are disabled by default, to provide more detailed information on
// disassembled binary code.
disassembler.EnableDetails = true;
// Set Disassembler's Syntax.
//
// Make the disassembler generate instructions in Intel syntax.
disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
// Disassemble All Binary Code.
//
// ...
var code = new byte[] { 0x09, 0x00, 0x38, 0xd5, 0xbf, 0x40, 0x00, 0xd5, 0x0c, 0x05, 0x13, 0xd5, 0x20, 0x50, 0x02, 0x0e, 0x20, 0xe4, 0x3d, 0x0f, 0x00, 0x18, 0xa0, 0x5f, 0xa2, 0x00, 0xae, 0x9e, 0x9f, 0x37, 0x03, 0xd5, 0xbf, 0x33, 0x03, 0xd5, 0xdf, 0x3f, 0x03, 0xd5, 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9, 0x20, 0x04, 0x81, 0xda, 0x20, 0x08, 0x02, 0x8b, 0x10, 0x5b, 0xe8, 0x3c };
var instructions = disassembler.DisassembleAll(code, 0x2C);
//Assert.AreEqual(instructions.Length, 2);
}
}
public void TestCreate()
{
var disassembler = CapstoneDisassembler.CreateArm64Disassembler(DisassembleMode.Arm32);
Assert.IsNotNull(disassembler);
Assert.AreEqual(disassembler.Architecture, DisassembleArchitecture.Arm64);
Assert.AreEqual(disassembler.EnableDetails, false);
Assert.AreEqual(disassembler.Mode, DisassembleMode.Arm32);
Assert.AreEqual(disassembler.Syntax, DisassembleSyntaxOptionValue.Default);
}
public AArch64Disassembler(ImageReader rdr)
{
var dasm = CapstoneDisassembler.CreateArm64Disassembler(DisassembleMode.Arm32);
dasm.EnableDetails = true;
this.stream = dasm.DisassembleStream(
rdr.Bytes,
(int)rdr.Offset,
(long)rdr.Address.ToLinear() - rdr.Offset)
.GetEnumerator();
}
public Arm64Instruction[] DisasmArm64(byte[] bytes)
{
const Arm64DisassembleMode disassembleMode = Arm64DisassembleMode.Arm;
using (CapstoneArm64Disassembler disassembler = CapstoneDisassembler.CreateArm64Disassembler(disassembleMode))
{
disassembler.EnableInstructionDetails = true;
disassembler.DisassembleSyntax = DisassembleSyntax.Intel;
Arm64Instruction[] instructions = disassembler.Disassemble(bytes);
return(instructions);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="CapstoneDisassembly"/> class.
/// </summary>
public CapstoneDisassembly() : base(null)
{
this.Caption = "Capstone Disassembly";
// This is the user control hosted by the tool window; Note that, even if this class implements IDisposable,
// we are not calling Dispose on this object. This is because ToolWindowPane calls Dispose on
// the object returned by the Content property.
_disassemblyControl = new CapstoneDisassemblyControl();
this.Content = _disassemblyControl;
_debugListener = new CapstoneDisassemblyDebugListener();
_debugListener.OnBreak += OnDebugBreak;
_debugListener.OnDebugEnd += OnDebugEnd;
// TODO config
_disassembler = CapstoneDisassembler.CreateArm64Disassembler(Gee.External.Capstone.DisassembleMode.Arm32);
_disassembler.EnableDetails = true;
_disassembler.Syntax = Gee.External.Capstone.DisassembleSyntaxOptionValue.Intel;
}
internal static void ShowArm64()
{
// Create ARM64 Disassembler.
//
// Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically
// when it is no longer needed.
using (var disassembler = CapstoneDisassembler.CreateArm64Disassembler(DisassembleMode.Arm32)) {
// Enable Disassemble Details.
//
// Enables disassemble details, which are disabled by default, to provide more detailed information on
// disassembled binary code.
disassembler.EnableDetails = true;
// Set Disassembler's Syntax.
//
// Make the disassembler generate instructions in Intel syntax.
disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
// Disassemble All Binary Code.
//
// ...
var code = new byte[] { 0x09, 0x00, 0x38, 0xd5, 0xbf, 0x40, 0x00, 0xd5, 0x0c, 0x05, 0x13, 0xd5, 0x20, 0x50, 0x02, 0x0e, 0x20, 0xe4, 0x3d, 0x0f, 0x00, 0x18, 0xa0, 0x5f, 0xa2, 0x00, 0xae, 0x9e, 0x9f, 0x37, 0x03, 0xd5, 0xbf, 0x33, 0x03, 0xd5, 0xdf, 0x3f, 0x03, 0xd5, 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9, 0x20, 0x04, 0x81, 0xda, 0x20, 0x08, 0x02, 0x8b, 0x10, 0x5b, 0xe8, 0x3c };
var instructions = disassembler.DisassembleAll(code, 0x2C);
var hexCode = BitConverter.ToString(code).Replace("-", " ");
Console.WriteLine(hexCode);
Console.WriteLine();
// Loop Through Each Disassembled Instruction.
// ...
foreach (var instruction in instructions)
{
Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
Console.WriteLine("\t Id = {0}", instruction.Id);
if (instruction.ArchitectureDetail != null)
{
Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);
// Loop Through Each Instruction's Operands.
//
// ...
foreach (var operand in instruction.ArchitectureDetail.Operands)
{
string operandValue = null;
switch (operand.Type)
{
case Arm64InstructionOperandType.CImmediate:
operandValue = operand.ImmediateValue.Value.ToString("X");
break;
case Arm64InstructionOperandType.FloatingPoint:
operandValue = operand.FloatingPointValue.Value.ToString();
break;
case Arm64InstructionOperandType.Immediate:
operandValue = operand.ImmediateValue.Value.ToString("X");
break;
case Arm64InstructionOperandType.MemoryBarrierOperation:
operandValue = operand.MemoryBarrierOperation.Value.ToString();
break;
case Arm64InstructionOperandType.Memory:
operandValue = "-->";
break;
case Arm64InstructionOperandType.MrsRegister:
operandValue = operand.MrsRegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.MsrRegister:
operandValue = operand.MsrRegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.PState:
operandValue = operand.PState.Value.ToString();
break;
case Arm64InstructionOperandType.PrefetchOperation:
operandValue = operand.PrefetchOperation.Value.ToString();
break;
case Arm64InstructionOperandType.Register:
operandValue = operand.RegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.SysOperation:
operandValue = "-->";
break;
}
Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);
// Handle Memory Operand.
//
// ...
if (operand.Type == Arm64InstructionOperandType.Memory)
{
Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
Console.WriteLine();
}
// Handle SYS Operation Operand.
//
// ...
if (operand.Type == Arm64InstructionOperandType.SysOperation)
{
operandValue = null;
switch (instruction.Id)
{
case Arm64Instruction.AT:
operandValue = operand.AtInstructionOperation.ToString();
break;
case Arm64Instruction.DC:
operandValue = operand.DcInstructionOperation.ToString();
break;
case Arm64Instruction.IC:
operandValue = operand.IcInstructionOperation.ToString();
break;
case Arm64Instruction.TLBI:
operandValue = operand.TlbiInstructionOperation.ToString();
break;
}
Console.WriteLine("\t\t\t SYS Operation = {0}", operandValue);
Console.WriteLine();
}
Console.WriteLine("\t\t\t Extender = {0}", operand.Extender);
Console.WriteLine("\t\t\t Shifter = -->");
Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);
Console.WriteLine("\t\t\t Vector Arrangement Specifier = {0}", operand.VectorArrangementSpecifier);
Console.WriteLine("\t\t\t Vector Element Size Specifier = {0}", operand.VectorElementSizeSpecifier);
Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
}
Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
}
Console.WriteLine();
}
}
}