Beispiel #1
0
 public static int Disassemble(ref _Disasm instruction, bool Cheetah)
 {
     if (Cheetah)
     {
         return((IntPtr.Size == 8) ? NativeMethods.Disassemble64Cheetah(ref instruction) : NativeMethods.Disassemble32Cheetah(ref instruction));
     }
     else
     {
         return((IntPtr.Size == 8) ? NativeMethods.Disassemble64(ref instruction) : NativeMethods.Disassemble32(ref instruction));
     }
 }
Beispiel #2
0
        public static IEnumerable <_Disasm> Disassemble(byte[] data, UIntPtr address, Architecture architecture)
        {
            GCHandle h = GCHandle.Alloc(data, GCHandleType.Pinned);
            UInt64   EndCodeSection = (UInt64)h.AddrOfPinnedObject().ToInt64() + (ulong)data.Length;

            _Disasm d = new _Disasm();

            d.InstructionPointer = (UIntPtr)h.AddrOfPinnedObject().ToInt64();
            d.VirtualAddr        = address.ToUInt64();
            d.Architecture       = architecture;
            bool error = false;

            while (!error)
            {
                d.SecurityBlock = (uint)(EndCodeSection - d.InstructionPointer.ToUInt64());

                d.Length = BeaEngine.Disassemble(ref d);
                if (d.Length == BeaEngine.OutOfBlock)
                {
                    Console.WriteLine("disasm engine is not allowed to read more memory.");
                    error = true;
                }
                else if (d.Length == BeaEngine.UnknownOpcode)
                {
                    _Disasm yieldedInst = d;
                    d.InstructionPointer = d.InstructionPointer + 1;
                    d.VirtualAddr        = d.VirtualAddr + 1;
                    yield return(yieldedInst);
                }
                else
                {
                    _Disasm yieldedInst = d;
                    d.InstructionPointer = d.InstructionPointer + d.Length;
                    d.VirtualAddr        = d.VirtualAddr + (ulong)d.Length;
                    if (d.InstructionPointer.ToUInt64() >= EndCodeSection)
                    {
                        error = true;
                    }

                    yield return(yieldedInst);
                }
            }

            yield break;
        }
Beispiel #3
0
 public static extern int Disassemble(ref _Disasm instruction);
Beispiel #4
0
        public static IEnumerable<_Disasm> Disassemble(byte[] data, UIntPtr address, Architecture architecture)
        {
            GCHandle h = GCHandle.Alloc(data, GCHandleType.Pinned);
            UInt64 EndCodeSection = (UInt64)h.AddrOfPinnedObject().ToInt64() + (ulong)data.Length;

            _Disasm d = new _Disasm();
            d.InstructionPointer = (UIntPtr)h.AddrOfPinnedObject().ToInt64();
            d.VirtualAddr = address.ToUInt64();
            d.Architecture = architecture;
            bool error = false;
            while (!error)
            {
                d.SecurityBlock = (uint)(EndCodeSection - d.InstructionPointer.ToUInt64());

                d.Length = BeaEngine.Disassemble(ref d);
                if (d.Length == BeaEngine.OutOfBlock)
                {
                    Console.WriteLine("disasm engine is not allowed to read more memory.");
                    error = true;
                }
                else if (d.Length == BeaEngine.UnknownOpcode)
                {
                    _Disasm yieldedInst = d;
                    d.InstructionPointer = d.InstructionPointer + 1;
                    d.VirtualAddr = d.VirtualAddr + 1;
                    yield return yieldedInst;
                }
                else
                {
                    _Disasm yieldedInst = d;
                    d.InstructionPointer = d.InstructionPointer + d.Length;
                    d.VirtualAddr = d.VirtualAddr + (ulong)d.Length;
                    if (d.InstructionPointer.ToUInt64() >= EndCodeSection)
                    {
                        error = true;
                    }

                    yield return yieldedInst;
                }
            }

            yield break;
        }
Beispiel #5
0
 public static extern int Disassemble(ref _Disasm instruction);
Beispiel #6
0
 public static int Disassemble(ref _Disasm instruction)
 {
     return(Disassemble(ref instruction, false));
 }
Beispiel #7
0
 public static int Disassemble(ref _Disasm instruction, bool Cheetah)
 {
     if (Cheetah)
     return (IntPtr.Size == 8) ? NativeMethods.Disassemble64Cheetah(ref instruction) : NativeMethods.Disassemble32Cheetah(ref instruction);
       else
     return (IntPtr.Size == 8) ? NativeMethods.Disassemble64(ref instruction) : NativeMethods.Disassemble32(ref instruction);
 }
Beispiel #8
0
 public static int Disassemble(ref _Disasm instruction)
 {
     return Disassemble(ref instruction, false);
 }