private static void Main(string[] args)
{
if (args.Length < 1)
{
Console.WriteLine("Usage: Chip8Disassembler program [initial address in hex].");
return;
}
string program = args[0];
int startAddress = -1;
if (!File.Exists(program))
{
Console.WriteLine("Couldn't find program: {0}.", program);
return;
}
if (args.Length == 2)
{
if (!int.TryParse(args[1], NumberStyles.HexNumber, CultureInfo.CurrentCulture, out startAddress))
{
Console.WriteLine("Invalid initial address.");
return;
}
}
Disassembler disassembler = new Disassembler();
List<string> instructions;
if (startAddress != -1)
{
try
{
instructions = disassembler.Disassemble(program, (ushort)startAddress).ToList();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return;
}
}
else
{
instructions = disassembler.Disassemble(program).ToList();
}
foreach (string instruction in instructions)
{
Console.WriteLine(instruction);
}
}
public void Fetch(bool doStrings)
{
if (Halted)
{
return;
}
CurrentAddr = segments[(int)SegmentRegister.CS].GDTEntry.BaseAddress + EIP;
disasm.CodeSize = codeSize;
OpLen = disasm.Disassemble(CurrentAddr, doStrings);
opSize = disasm.OperandSize;
addressSize = disasm.AddressSize;
}
private void DecrementCurrentAddress()
{
uint newaddress = currentDisassemblerAddress;
while (true)
{
int bytestoadvance;
Disassembler.Disassemble(MemoryDomains.SystemBus, newaddress, out bytestoadvance);
if (newaddress + bytestoadvance == currentDisassemblerAddress)
{
break;
}
newaddress--;
if (newaddress < 0)
{
newaddress = 0;
break;
}
// Just in case
if (currentDisassemblerAddress - newaddress > 5)
{
newaddress = currentDisassemblerAddress - 1;
break;
}
}
currentDisassemblerAddress = newaddress;
}
public AssemblyInfo GetAssemblyInfo()
{
OpenFileDialog ofd = new OpenFileDialog();
ofd.Title = "Select assembly to view";
ofd.InitialDirectory = Directory.GetCurrentDirectory();
ofd.Filter = ".Net assembly files (*.exe, *.dll) |*.exe;*.dll";
Assembly asm;
try
{
if (ofd.ShowDialog() == true)
{
asm = Assembly.LoadFrom(ofd.FileName);
}
else
{
return(null);
}
}
catch
{
return(null);
}
Disassembler d = new Disassembler();
return(d.Disassemble(asm));
}
public void DisassembleVendorTest()
{
var bytes = new byte[] {
0x0F, 0x01, 0xDD, // clgi (AMD)
0x66, 0x0F, 0x38, 0x80, 0x00 // invept eax,[eax] (intel)
};
// Any vendor
var disam = new Disassembler(bytes, ArchitectureMode.x86_64, 0x0, false, Vendor.Any);
foreach (var ins in disam.Disassemble())
{
Assert.IsFalse(ins.Error);
Assert.AreNotEqual(Udis86.ud_mnemonic_code.UD_Iinvalid, ins.Mnemonic);
}
// AMD only
disam = new Disassembler(bytes, ArchitectureMode.x86_64, 0x0, false, Vendor.AMD);
var results = disam.Disassemble().ToArray();
Assert.IsFalse(results.First().Error);
Assert.IsTrue(results.Last().Error);
// Intel only
disam = new Disassembler(bytes, ArchitectureMode.x86_64, 0x0, false, Vendor.Intel);
results = disam.Disassemble().ToArray();
Assert.IsTrue(results.First().Error);
Assert.IsFalse(results.Last().Error);
}
private void UpdateDisplay(ulong address, byte[] memory)
{
instructions.Clear();
var mode = ArchitectureMode.x86_32; // todo:
using (var disasm = new Disassembler(memory, mode, address, true, Vendor.Any))
{
var translator = new SharpDisasm.Translators.IntelTranslator()
{
IncludeAddress = false,
IncludeBinary = false
};
foreach (var instruction in disasm.Disassemble())
{
var entry = new InstructionEntry()
{
IP = instruction.Offset,
Length = instruction.Length,
Instruction = translator.Translate(instruction)
};
instructions.Add(entry);
}
}
}
private void DoDisassembly()
{
using (var dasm = new Disassembler(_selectedFile))
{
if (File.Exists(_outputFile))
{
File.Delete(_outputFile);
}
_statusLabel.Text = "Performing Disassembly...";
var inputFile = dasm.Disassemble(_optionMinimal);
//Apply Selected Analysis
if (_optionMBBSAnalysis)
{
_statusLabel.Text = "Performing Additional Analysis...";
Analysis.MBBS.Analyze(inputFile);
}
_progressBar.Fraction = .25f;
var _stringRenderer = new StringRenderer(inputFile);
_statusLabel.Text = "Processing Segment Information...";
File.AppendAllText(_outputFile, _stringRenderer.RenderSegmentInformation());
_progressBar.Fraction = .50f;
_statusLabel.Text = "Processing Entry Table...";
File.AppendAllText(_outputFile, _stringRenderer.RenderEntryTable());
_progressBar.Fraction = .75f;
_statusLabel.Text = "Processing Disassembly...";
File.AppendAllText(_outputFile, _stringRenderer.RenderDisassembly(_optionMBBSAnalysis));
_progressBar.Fraction = .85f;
if (_optionStrings)
{
_statusLabel.Text = "Processing Strings...";
File.AppendAllText(_outputFile, _stringRenderer.RenderStrings());
}
_statusLabel.Text = "Done!";
_progressBar.Fraction = 1f;
}
var d = new Dialog($"Disassembly Complete!", 50, 12);
d.Add(new Label(0, 0, $"Output File: {_outputFile}"),
new Label(0, 1, $"Bytes Written: {new FileInfo(_outputFile).Length}")
);
var okBtn = new Button("OK", true);
okBtn.Clicked += () => { Application.RequestStop(); };
d.AddButton(okBtn);
Application.Run(d);
}
public static DreyProgram FromJson(JObject json)
{
var strings =
json["strings"]
.Cast <JProperty>()
.ToDictionary(x => Int32.Parse(x.Name), x => x.Value.Value <string>());
var bytes = json["program"].Values <byte>().ToArray();
var opcodes =
json["opcodes"]
.Cast <JProperty>()
.ToDictionary(
x => x.Value["code"].Value <int>(),
x => new OpcodeData()
{
Opcode = x.Name, Extended = x.Value["extended"].Value <int>() == 1
});
var diss = new Disassembler(bytes, opcodes, strings);
var instructions = diss.Disassemble();
var prog = new DreyProgram()
{
ByteCode = instructions,
StringTable = strings
};
return(prog);
}
private bool isDecryptMethod(MethodBase method)
{
if (method.GetParameters().Length != 0 || !(method is MethodInfo) || (method as MethodInfo).ReturnType != typeof(void))
{
return(false);
}
InstructionCollection insts = Disassembler.Disassemble(method.GetMethodBody().GetILAsByteArray());
foreach (Instruction inst in from instr in insts where instr.OpCode == OpCodes.Call select instr)
{
uint destToken = (inst.Operand.Value as MetadataToken).Value;
{
try
{
MethodBase destMethod = method.Module.ResolveMethod((int)destToken);
if (destMethod == typeof(Marshal).GetMethod("GetHINSTANCE", BindingFlags.Public | BindingFlags.Static))
{
return(true);
}
}
catch { }
}
}
return(false);
}
protected override void TraceFromCallback(uint addr, uint value, uint flags)
{
var regs = DebuggableCore.GetCpuFlagsAndRegisters();
uint pc = (uint)regs["M68K PC"].Value;
var disasm = Disassembler.Disassemble(MemoryDomains.SystemBus, pc & 0xFFFFFF, out _);
var sb = new StringBuilder();
foreach (var r in regs)
{
if (r.Key.StartsWith("M68K")) // drop Z80 regs until it has its own debugger/tracer
{
if (r.Key != "M68K SP" && r.Key != "M68K ISP" && // copies of a7
r.Key != "M68K PC" && // already present in every line start
r.Key != "M68K IR") // copy of last opcode, already shown in raw bytes
{
sb.Append($"{r.Key.Replace("M68K", "").Trim()}:{r.Value.Value.ToHexString(r.Value.BitSize / 4)} ");
}
}
}
var sr = regs["M68K SR"].Value;
sb.Append(string.Concat(
(sr & 16) > 0 ? "X" : "x",
(sr & 8) > 0 ? "N" : "n",
(sr & 4) > 0 ? "Z" : "z",
(sr & 2) > 0 ? "V" : "v",
(sr & 1) > 0 ? "C" : "c"));
this.Put(new(disassembly: $"{pc:X6}: {disasm}".PadRight(50), registerInfo: sb.ToString().Trim()));
}
private void DisassembleAndWrite(ClrMethod method, string message, ArchitectureMode architecture, Translator translator, Reference <ulong> methodAddressRef, TextWriter writer)
{
writer.WriteLine(method.GetFullSignature());
if (message != null)
{
writer.Write(" ; ");
writer.WriteLine(message);
return;
}
var info = FindNonEmptyHotColdInfo(method);
if (info == null)
{
writer.WriteLine(" ; Failed to find HotColdInfo — please report at https://github.com/ashmind/TryRoslyn/issues.");
return;
}
var methodAddress = info.HotStart;
methodAddressRef.Value = methodAddress;
using (var disasm = new Disassembler(new IntPtr(unchecked ((long)methodAddress)), (int)info.HotSize, architecture, methodAddress)) {
foreach (var instruction in disasm.Disassemble())
{
writer.Write(" L");
writer.Write((instruction.Offset - methodAddress).ToString("x4"));
writer.Write(": ");
writer.WriteLine(translator.Translate(instruction));
}
}
}
public void DisassembleSystemAll()
{
foreach (var type in typeof(Uri).Assembly.GetTypes())
{
foreach (var member in type.GetAllMembers())
{
if (member is MethodInfo)
{
var method = member as MethodInfo;
var disassembler = new Disassembler();
if (disassembler.CanDisassemble(method))
{
disassembler.Disassemble(method);
}
}
if (member is ConstructorInfo)
{
var ctor = member as ConstructorInfo;
var disassembler = new Disassembler();
if (disassembler.CanDisassemble(ctor))
{
disassembler.Disassemble(ctor);
}
}
}
}
}
void Start()
{
Type type = Type.GetType("Program,Assembly-CSharp");
MethodInfo methodInfo = type.GetMethod("AngleVectorPlane", BindingFlags.Instance | BindingFlags.NonPublic);
Debug.Log(Disassembler.Disassemble(methodInfo));
}
private void DisassembleAndWrite(ClrMethod method, ArchitectureMode architecture, Translator translator, ref ulong methodAddressRef, TextWriter writer)
{
writer.WriteLine(method.GetFullSignature());
var info = FindNonEmptyHotColdInfo(method);
if (info == null)
{
writer.WriteLine(" ; Unable to load method data (not JITted?)");
return;
}
var methodAddress = info.HotStart;
methodAddressRef = methodAddress;
using (var disasm = new Disassembler(new IntPtr(unchecked ((long)methodAddress)), (int)info.HotSize, architecture, methodAddress))
{
foreach (var instruction in disasm.Disassemble())
{
writer.Write(String.Format("0x{0:X8}`{1:X8}:", (instruction.Offset >> 32) & 0xFFFFFFFF, instruction.Offset & 0xFFFFFFFF));
writer.Write(" L");
writer.Write((instruction.Offset - methodAddress).ToString("x4"));
writer.Write(": ");
writer.WriteLine(translator.Translate(instruction));
}
}
}
/// <summary>
/// Patches all jumps pointing to originalJmpTarget to point to newJmpTarget.
/// </summary>
/// <param name="searchRange">Range of addresses where to patch jumps.</param>
/// <param name="originalJmpTarget">Address range of JMP targets to patch with newJmpTarget.</param>
/// <param name="newJmpTarget">The new address instructions should jmp to.</param>
private List <Patch> PatchJumpTargets_Internal(AddressRange searchRange, AddressRange originalJmpTarget, long newJmpTarget)
{
var patches = new List <Patch>();
int length = (int)(searchRange.EndPointer - searchRange.StartPointer);
var memory = TryReadFromMemory((IntPtr)searchRange.StartPointer, length);
Disassembler disassembler = new Disassembler(memory, _architecture, (ulong)searchRange.StartPointer, true);
Instruction[] instructions = disassembler.Disassemble().ToArray();
for (int x = 0; x < instructions.Length; x++)
{
Instruction instruction = instructions[x];
Instruction nextInstruction = (x + 1 < instructions.Length) ? instructions[x + 1] : null;
if (IsRelativeJump(instruction))
{
PatchRelativeJump(instruction, ref originalJmpTarget, newJmpTarget, patches);
}
else if (IsRIPRelativeJump(instruction))
{
PatchRIPRelativeJump(instruction, ref originalJmpTarget, newJmpTarget, patches);
}
else if (nextInstruction != null && IsPushReturn(instruction, nextInstruction))
{
PatchPushReturn(instruction, ref originalJmpTarget, newJmpTarget, patches);
}
}
// Return all the addresses to patch!.
return(patches);
}
public void DisassembleVendorTest()
{
var bytes = new byte[] {
0x0F, 0x01, 0xDD, // clgi (AMD)
0x66, 0x0F, 0x38, 0x80, 0x00 // invept eax,[eax] (intel)
};
// Any vendor
var disam = new Disassembler(bytes, ArchitectureMode.x86_64, 0x0, false, Vendor.Any);
foreach (var ins in disam.Disassemble())
{
Assert.IsFalse(ins.Error);
Assert.AreNotEqual(Udis86.ud_mnemonic_code.UD_Iinvalid, ins.Mnemonic);
}
// AMD only
disam = new Disassembler(bytes, ArchitectureMode.x86_64, 0x0, false, Vendor.AMD);
var results = disam.Disassemble().ToArray();
Assert.IsFalse(results.First().Error);
Assert.IsTrue(results.Last().Error);
// Intel only
disam = new Disassembler(bytes, ArchitectureMode.x86_64, 0x0, false, Vendor.Intel);
results = disam.Disassemble().ToArray();
Assert.IsTrue(results.First().Error);
Assert.IsFalse(results.Last().Error);
}
public bool FirmwareFromAppFolder()
{
if (!SourceExists)
{
return(false);
}
// delete old firmware before making new one
if (File.Exists(FirmwareFile))
{
File.Delete(FirmwareFile);
}
if (File.Exists(MainFile))
{
FirmwareFromMainFile();
}
else
{
FirmwareFromCS();
}
if (File.Exists(FirmwareFile))
{
var disassembler = new Disassembler();
FileTools.WriteAllText(FirmwareAsmFile, disassembler.Disassemble(Instructions()));
}
else
{
Console.WriteLine($"Firmware file was not found: {FirmwareFile}");
}
return(File.Exists(FirmwareFile));
}
/// <summary>
/// Retrieves the length of the hook for trampoline, mid-function hooks etc.
/// This works by reading a short fixed array of bytes from memory then disassembling the bytes
/// and iterating over each individual instruction up to the point where the total length of the
/// disassembled exceeds the user set length of instructions to be assembled.
/// </summary>
/// <param name="hookAddress">The address that is to be hooked.</param>
/// <param name="hookLength">The minimum length of the hook, the length of our assembled bytes for the hook.</param>
/// <returns>The necessary length of bytes to hook the individual game function.</returns>
public static int GetHookLength(IntPtr hookAddress, int hookLength)
{
// Retrieve the function header, arbitrary length of 32 bytes is used for this operation.
// While you can technically build infinite length X86 instructions, anything greater than 16 to compare seems reasonable.
byte[] functionHeader = Bindings.TargetProcess.ReadMemoryExternal(hookAddress, 64);
// Define the disassembler.
Disassembler disassembler = new Disassembler(functionHeader, ArchitectureMode.x86_32);
// Disassemble function header and find shortest amount of bytes.
Instruction[] x86Instructions = disassembler.Disassemble().ToArray();
int completeHookLength = 0;
foreach (Instruction x86Instruction in x86Instructions)
{
completeHookLength += x86Instruction.Length;
if (completeHookLength > hookLength)
{
break;
}
}
return(completeHookLength);
}
private void UpdateDisplay(ulong address, byte[] memory)
{
if (address != Platform.InstructionPointer.Value)
{
return;
}
var mode = ArchitectureMode.x86_32; // todo:
try
{
using (var disasm = new Disassembler(memory, mode, address, true))
{
var translator = new SharpDisasm.Translators.IntelTranslator()
{
IncludeAddress = false,
IncludeBinary = false
};
foreach (var instruction in disasm.Disassemble())
{
var asm = translator.Translate(instruction);
tbInstruction.Text = asm;
break;
}
}
}
catch
{
tbInstruction.Text = "Unable to decode!";
}
}
private void AddressUpDown_ValueChanged(object sender, EventArgs e)
{
if (extend)
{
ReadProcessMemory(hProcess, (uint)AddressUpDown.Value, wmInfo.ByteArray, wmInfo.ByteArray.Length, 0);
}
var disasm = new Disassembler(wmInfo.ByteArray, ArchitectureMode.x86_32, (uint)AddressUpDown.Value, true);
DisAsmListView.Items.Clear();
int index = -1;
foreach (var item in disasm.Disassemble())
{
ListViewItem listViewItem = new ListViewItem("0x" + item.Offset.ToString("X8"));
listViewItem.SubItems.Add(Disassembler.Translator.TranslateBytes(item).ToUpper());
listViewItem.SubItems.Add(Disassembler.Translator.TranslateMnemonic(item));
DisAsmListView.Items.Add(listViewItem);
if (extend && item.Offset == wmInfo.Address)
{
index = DisAsmListView.Items.Count - 1;
}
}
if (extend && index >= 0)
{
DisAsmListView.SelectedIndices.Add(index);
DisAsmListView.EnsureVisible(index);
}
}
public void DisassembleSystemAll()
{
foreach (var type in typeof( Uri).Assembly.GetTypes() )
{
foreach (var member in type.GetAllMembers())
{
if (member is MethodInfo)
{
var method = member as MethodInfo;
var disassembler = new Disassembler();
if (disassembler.CanDisassemble(method))
{
disassembler.Disassemble(method);
}
}
if (member is ConstructorInfo)
{
var ctor = member as ConstructorInfo;
var disassembler = new Disassembler();
if (disassembler.CanDisassemble(ctor))
{
disassembler.Disassemble(ctor);
}
}
}
}
}
/// <summary>
/// Patches all jumps pointing to originalJmpTarget to point to newJmpTarget.
/// </summary>
/// <param name="searchRange">Range of addresses where to patch jumps.</param>
/// <param name="originalJmpTarget">Address range of JMP targets to patch with newJmpTarget.</param>
/// <param name="newJmpTarget">The new address instructions should jmp to.</param>
internal List <Patch> PatchJumpTargets(AddressRange searchRange, AddressRange originalJmpTarget, long newJmpTarget)
{
var patches = new List <Patch>();
int length = (int)(searchRange.EndPointer - searchRange.StartPointer);
CurrentProcess.SafeReadRaw((IntPtr)searchRange.StartPointer, out byte[] memory, length);
Disassembler disassembler = new Disassembler(memory, _architecture, (ulong)searchRange.StartPointer, true);
Instruction[] instructions = disassembler.Disassemble().ToArray();
for (int x = 0; x < instructions.Length; x++)
{
Instruction instruction = instructions[x];
Instruction nextInstruction = (x + 1 < instructions.Length) ? instructions[x + 1] : null;
if (IsRelativeJump(instruction))
{
PatchRelativeJump(instruction, ref originalJmpTarget, newJmpTarget, patches);
}
if (IsRIPRelativeJump(instruction))
{
PatchRIPRelativeJump(instruction, ref originalJmpTarget, newJmpTarget, patches);
}
if (IsPushReturn(instruction, nextInstruction))
{
PatchPushReturn(instruction, ref originalJmpTarget, newJmpTarget, patches);
}
}
// Return all the addresses to patch!.
return(patches);
}
public async Task Disasamx86x64x16(ArchitectureMode mode, [Remainder] string hex = null)
{
Disassembler.Translator.IncludeBinary = true;
var disasm = new Disassembler(Utilities.HexStringToByteArray(hex.ToString().Replace("\\x", "").Replace("0x", "").Replace(" ", "")), mode, 0, true);
await ReplyAsync($"```x86asm\n{string.Join("\n", disasm.Disassemble())}```");
}
public void ArraysDisasm()
{
var firmwareTools = new FirmwareTools(AppPath("Arrays"));
var disassembler = new Disassembler();
File.WriteAllText(firmwareTools.FirmwareAsmFile, disassembler.Disassemble(firmwareTools.Instructions()));
}
/// <summary>
/// Retrieves the length of the hook for trampoline, mid-function hooks etc.
/// </summary>
/// <param name="hookAddress">The address that is to be hooked.</param>
/// <param name="hookLength">The minimum length of the hook, the length of our assembled bytes for the hook.</param>
/// <param name="architectureMode">X86 or X64 to use for disassembly.</param>
public static int GetHookLength(IntPtr hookAddress, int hookLength, ArchitectureMode architectureMode)
{
/*
* This works by reading a short fixed array of bytes from memory then disassembling the bytes
* and iterating over each individual instruction up to the point where the total length of the
* disassembled exceeds the user set length of instructions to be assembled.
*/
// Retrieve the function header, arbitrary length of <see below> bytes is used for this operation.
// While you can technically build infinite length X86 instructions, anything greater than 16 to compare seems reasonable.
Memory.Sources.Memory.CurrentProcess.ReadRaw(hookAddress, out byte[] functionHeader, 64);
Disassembler disassembler = new Disassembler(functionHeader, architectureMode);
Instruction[] instructions = disassembler.Disassemble().ToArray();
int completeHookLength = 0;
foreach (Instruction instruction in instructions)
{
completeHookLength += instruction.Length;
if (completeHookLength >= hookLength)
{
break;
}
}
return(completeHookLength);
}
private static bool RunCode(SourceCodeFile file)
{
var tokens = Lexer.ScanTokens(file);
if (Context.Instance.ErrorsReported > 0)
{
return(true);
}
var ast = Parser.Parse(tokens);
if (Context.Instance.ErrorsReported > 0)
{
return(true);
}
// TODO: Scanning on demand.
tokens.Clear();
var byteCode = Compiler.Compile(ast);
if (Context.Instance.ErrorsReported > 0)
{
return(true);
}
#if DEBUG
Disassembler.Disassemble(byteCode.ToArray());
Console.WriteLine("----------------------------------------");
#endif
VirtualMachine.Execute(byteCode);
return(false);
}
/// <summary>
/// profile the closure to extract a list of the cells referenced
/// </summary>
/// <param name="func"></param>
private static ICell[] ProfileObject(object func)
{
var l = new LinkedList <ICell>();
var fields = func.GetType().GetFields();
var fd = new Dictionary <string, object>();
foreach (var f in fields)
{
var o = f.GetValue(func);
fd.Add(f.Name, o);
if (o is ICell c && !(c is Model))
{
l.AddLast(c);
}
}
var method = func.GetType().GetMethod("Invoke");
var disasembler = new Disassembler(method, SequencePointEnumerator.Empty);
var code = disasembler.Disassemble();
foreach (var il in code.Instructions)
{
if (il.InstructionType == ILInstructionType.Ldfld)
{
var fi = il.Argument as FieldInfo;
if (!fd.ContainsKey(fi.Name))
{
foreach (var o in fd)
{
try
{
var p = fi.GetValue(o.Value);
if (p != null)
{
fd.Add(fi.Name, p);
if (p is ICell c)
{
if (p is ITrivial t)
{
foreach (var x in ProfileObject(t.GetFunction()))
{
l.AddLast(x);
}
}
else
{
l.AddLast(c);
}
}
}
break;
}
catch { }
}
}
}
}
return(l.Distinct().ToArray());
}
private void SaveProgram(Program program)
{
string programText = Disassembler.Disassemble(program);
StreamWriter programFile = File.CreateText(ProgramDirectory.ProgramPath(program.name));
programFile.Write(programText);
programFile.Close();
}
public void Disassemble64BitResolveRIPAddress()
{
var defaultTranslator = SharpDisasm.Disassembler.Translator;
SharpDisasm.Disassembler.Translator = new SharpDisasm.Translators.IntelTranslator()
{
ResolveRip = true
};
try
{
var disasm = new Disassembler(new byte[] {
0x48, 0x8B, 0x05, 0xF7, 0xFF, 0xFF, 0xFF, // mov rax, [rip-0x9] -> mov rax, [0x7ff71bfffffe]
0xFF, 0x15, 0xF7, 0xFF, 0xFF, 0xFF, // call qword [rip-0x9] -> call qword [0x7ff71c000004]
}, ArchitectureMode.x86_64, 0x7ff71c000000);
var dis = disasm.Disassemble();
Assert.AreEqual("mov rax, [0x7ff71bfffffe]", dis.First().ToString());
Assert.AreEqual("call qword [0x7ff71c000004]", dis.Last().ToString());
Disassembler.Translator.IncludeAddress = true;
Disassembler.Translator.IncludeBinary = true;
foreach (var ins in dis)
{
Debug.WriteLine(ins.ToString());
}
SharpDisasm.Disassembler.Translator = new SharpDisasm.Translators.ATTTranslator()
{
ResolveRip = true
};
Assert.AreEqual("movq 0x7ff71bfffffe, %rax", dis.First().ToString());
Assert.AreEqual("callq 0x7ff71c000004", dis.Last().ToString());
Disassembler.Translator.IncludeAddress = true;
Disassembler.Translator.IncludeBinary = true;
foreach (var ins in disasm.Disassemble())
{
Debug.WriteLine(ins.ToString());
}
}
finally
{
SharpDisasm.Disassembler.Translator = defaultTranslator;
}
}
private void mnuLoadBIN_Click(object sender, EventArgs e)
{
pauseEmulation = true;
try
{
string fname;
if (string.IsNullOrEmpty(fname = OpenFile("BIN files|*.bin|RBN files|*.rbn|All files|*.*")))
{
return;
}
try
{
MemAddressInputForm.ShowDialog(this);
if (MemAddressInputForm.cancel)
{
MessageBox.Show("Bin Not Loaded!");
return;
}
string memVal = settings.MemoryLoadAddress.ToLower();
int memAddr = 0;
if (memVal.Contains('x') || memVal.Contains('$'))
{
memVal = memVal.Replace("x", string.Empty).Replace("$", string.Empty);
memAddr = int.Parse(memVal, NumberStyles.HexNumber);
}
else
{
memAddr = int.Parse(memVal);
}
// even address
memAddr &= -2;
byte[] bin = File.ReadAllBytes(fname);
Buffer.BlockCopy(bin, 0, Memory.Data, memAddr, bin.Length + memAddr > Memory.MEMORY_TOP ? Memory.MEMORY_TOP - memAddr : bin.Length);
UpdateDasmSymbols(fname, Path.GetExtension(fname) == ".rbn" ? memAddr : 0);
List <string> dasmtext = Disassembler.Disassemble();
File.WriteAllLines("disassembly.lst", dasmtext, Encoding.ASCII);
MessageBox.Show(this, string.Format("Bin Loaded at {0}", memAddr));
}
catch (Exception ex)
{
string msg = @"Exception: {0}
{1}
PC: {2}";
MessageBox.Show(string.Format(msg, ex.Message, ex.StackTrace, Convert.ToString(State.PC, 16).PadLeft(4, '0')), "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
finally
{
pauseEmulation = false;
}
}
public void Disassemble(byte[] code, int address, bool x64)
{
Disassembler.Translator.IncludeAddress = true;
Disassembler.Translator.IncludeBinary = true;
using (var disassem = new Disassembler(code, x64 ? ArchitectureMode.x86_64 : ArchitectureMode.x86_32, (ulong)address, true)) {
Instructions = disassem.Disassemble().TakeWhileIncluding(i => i.Mnemonic != SharpDisasm.Udis86.ud_mnemonic_code.UD_Iret).
Select(i => new InstructionViewModel(i)).ToArray();
}
}
static void DisassembleThings()
{
string dasm = Disassembler.Disassemble(File.ReadAllBytes("C:\\Users\\adam\\Downloads\\XUBR580\\pcxtbios.bin"), 0);
StreamWriter sw = new StreamWriter("C:\\Users\\adam\\Downloads\\XUBR580\\pcxtbios.txt");
sw.Write(dasm);
sw.Close();
}
private Instruction GetCurrentInstruction()
{
if (buffer == null || buffer.Length == 0)
{
return(null);
}
return(disassembler.Disassemble(buffer, ProgramCounter));
}
public void DisassembleLargeMemory()
{
var b = new byte[] {
0x67, 0x66, 0x8b, 0x40, 0xf0 // mov ax, [eax-0x10]
, 0x67, 0x66, 0x03, 0x5e, 0x10 // add bx, [esi+0x10]
, 0x48, 0x03, 0x04, 0x25, 0xff, 0xff, 0x00, 0x00 // add rax, [0xffff]
, 0x67, 0x66, 0x03, 0x44, 0xbe, 0xf0 // add ax, [esi+edi*4-0x10]
, 0x4c, 0x03, 0x84, 0x98, 0x00, 0x00, 0x00, 0x80 // add r8, [rax+rbx*4-0x80000000]
, 0x48, 0xa1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00 // mov rax, [0x800000000000]
};
int iterations = 1000000;
IntPtr mem = Marshal.AllocHGlobal(b.Length * iterations);
int len = 0;
for (var i = 0; i < iterations; i++)
{
foreach (var v in b)
{
Marshal.WriteByte(mem, len++, v);
}
}
var disasm = new Disassembler(mem, len, ArchitectureMode.x86_64, 0, false);
Stopwatch sw = new Stopwatch();
int instructionCount = 0;
int totalBytes = 0;
sw.Start();
foreach (var ins in disasm.Disassemble())
{
instructionCount++;
totalBytes += ins.Length;
//var s = ins.ToString();
}
sw.Stop();
Debug.WriteLine(sw.Elapsed);
// Should be completed in less than 1 seconds even in debug (usually completes 600k instructions within 200-600ms)
//Assert.IsTrue(sw.Elapsed < new TimeSpan(0, 0, 1));
// Ensure correct number of instructions were disassembled
Assert.AreEqual(6 * iterations, instructionCount);
// Ensure correct number of bytes in total
Assert.AreEqual(b.Length * iterations, totalBytes);
}
private static void ReAssembleMethod(MethodBase method)
{
var disassembler = new Disassembler();
if (disassembler.CanDisassemble(method))
{
var result = disassembler.Disassemble(method);
result.Assemble(new AssembleContext());
}
}