public byte[] Assemble(Operand op1, out bool fullyAssembled, Shellcode shellcode)
{
byte[] res_opcode = Opcode;
byte[] res_ModRegRM = new byte[0];
byte[] res_end = new byte[0];
fullyAssembled = true;
if (op1.Imm)
{
UInt64 imm = op1.GetValue(out fullyAssembled, shellcode);
if (shellcode.IsWin64)
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray(imm)).ToArray();
}
else
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray((UInt32)imm)).ToArray();
}
}
else if (op1.Reg && Plusr)
{
// Add register code to the last byte of the opcode and return
res_opcode[res_opcode.Length - 1] = (byte)(res_opcode[res_opcode.Length - 1] + (byte)AssemblyDefines.Registers[op1.GetRegisterName()]);
}
else
{
fullyAssembled = false;
throw new Exception("Opcode Assembler Error: Failed to assemble instruction with opcode " + MemoryFunctions.ByteArrayToString(Opcode));
}
return(res_opcode.Concat(res_ModRegRM).Concat(res_end).ToArray());
}
public byte[] Assemble(Operand op1, out bool fullyAssembled, Shellcode shellcode)
{
byte[] res_opcode = Opcode;
byte[] res_ModRegRM = new byte[0];
byte[] res_end = new byte[0];
fullyAssembled = true;
if (op1.Imm)
{
UInt64 imm = op1.GetValue(out fullyAssembled, shellcode);
if (shellcode.IsWin64)
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray(imm)).ToArray();
}
else
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray((UInt32)imm)).ToArray();
}
}
else if (op1.Reg && Plusr)
{
// Add register code to the last byte of the opcode and return
res_opcode[res_opcode.Length - 1] = (byte)(res_opcode[res_opcode.Length - 1] + (byte)AssemblyDefines.Registers[op1.GetRegisterName()]);
}
else
{
fullyAssembled = false;
throw new Exception("Opcode Assembler Error: Failed to assemble instruction with opcode " + MemoryFunctions.ByteArrayToString(Opcode));
}
return res_opcode.Concat(res_ModRegRM).Concat(res_end).ToArray();
}
public bool Assemble(Shellcode parent, Process process, string instruction, UInt64 offset)
{
// Parse this instruction if there is one
Offset = offset;
Size = 0;
Data = null;
HasVariable = false;
VariableIsOffset = false;
FullyAssembled = false;
VariableName = "";
string[] fields = instruction.Split(new char[] { ' ', '\t', ',' }, StringSplitOptions.RemoveEmptyEntries);
if (fields.Length == 1 && fields.Contains(":"))
{
// This is a label. Add it as a variable.
parent.SetVariable(fields[0].Replace(":", ""), offset);
FullyAssembled = true;
}
else
{
// Load the opcode and operands
string opcode = fields[0];
List <Operand> operands = new List <Operand>(fields.Length - 1);
for (int i = 1; i < fields.Length; i++)
{
operands.Add(new Operand(fields[i]));
}
// Assemble the instruction now
byte[] bytes;
if (operands.Count < 1)
{
OpcodeAssembler builder = AssemblyDefines.OpcodeAssemblers[new OpcodeDescriptor(opcode)];
bytes = builder.Assemble(out FullyAssembled, parent);
}
else if (operands.Count < 2)
{
OpcodeAssembler builder = AssemblyDefines.OpcodeAssemblers[new OpcodeDescriptor(opcode, operands[0])];
bytes = builder.Assemble(operands[0], out FullyAssembled, parent);
}
else
{
OpcodeAssembler builder = AssemblyDefines.OpcodeAssemblers[new OpcodeDescriptor(opcode, operands[0], operands[1])];
bytes = builder.Assemble(operands[0], operands[1], out FullyAssembled, parent);
}
Data = bytes;
this.Size = bytes.Length;
}
return(FullyAssembled);
}
public UInt64 GetValue(out bool realValue, Shellcode shellcode)
{
if (Imm && _valueName != null)
{
// Return dummy value if variable not resolved
UInt64 value = 0;
realValue = shellcode.GetVariable(_valueName, out value);
return(value);
}
realValue = true;
return(_value);
}
public byte[] Assemble(Operand op1, Operand op2, out bool fullyAssembled, Shellcode shellcode)
{
// Double-operand assembler
byte[] res_opcode = Opcode;
byte[] res_ModRegRM = new byte[0];
byte[] res_end = new byte[0];
fullyAssembled = true;
if (op1.Imm)
{
UInt64 imm = op1.GetValue(out fullyAssembled, shellcode);
if (shellcode.IsWin64)
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray(imm)).ToArray();
}
else
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray((UInt32)imm)).ToArray();
}
}
else if (op1.Reg && Plusr)
{
// Add register code to the last byte of the opcode and return
res_opcode[res_opcode.Length - 1] = (byte)(res_opcode[res_opcode.Length - 1] + (byte)AssemblyDefines.Registers[op1.GetRegisterName()]);
}
else if (op1.Reg && ModRegRM == byte.MaxValue)
{
// Add register code to the start of the res_reg stream in ModRegRM format
if (res_ModRegRM.Length == 0)
{
byte mod = 0x3;
byte reg1 = (byte)AssemblyDefines.Registers[op1.GetRegisterName()];
res_ModRegRM = new byte[1] {
(byte)((byte)(mod << 7) + (byte)(reg1 << 3))
};
}
}
else
{
fullyAssembled = false;
throw new Exception("Opcode Assembler Error: Failed to assemble instruction during processing of first operand with opcode " + MemoryFunctions.ByteArrayToString(Opcode));
}
if (op2.Imm)
{
bool partFullyAssembled = true;
UInt64 imm = op2.GetValue(out partFullyAssembled, shellcode);
if (!partFullyAssembled)
{
fullyAssembled = false;
}
if (shellcode.IsWin64)
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray(imm)).ToArray();
}
else
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray((UInt32)imm)).ToArray();
}
}
else if (op2.Reg && Plusr)
{
// Add register code to the last byte of the opcode and return
res_opcode[res_opcode.Length - 1] = (byte)(res_opcode[res_opcode.Length - 1] + (byte)AssemblyDefines.Registers[op1.GetRegisterName()]);
}
else if (op1.Reg && ModRegRM == byte.MaxValue)
{
// Add register code to the start of the res_reg stream in ModRegRM format
if (res_ModRegRM.Length == 1)
{
res_ModRegRM[0] |= (byte)AssemblyDefines.Registers[op1.GetRegisterName()];
}
}
else
{
fullyAssembled = false;
throw new Exception("Opcode Assembler Error: Failed to assemble instruction during processing of second operand with opcode " + MemoryFunctions.ByteArrayToString(Opcode));
}
return(res_opcode.Concat(res_ModRegRM).Concat(res_end).ToArray());
}
public Instruction(Shellcode parent, Process process, string instruction, UInt64 offset)
{
Assemble(parent, process, instruction, offset);
}
public byte[] Assemble(out bool fullyAssembled, Shellcode shellcode)
{
fullyAssembled = true;
return(Opcode);
}
public byte[] Assemble(Operand op1, Operand op2, out bool fullyAssembled, Shellcode shellcode)
{
// Double-operand assembler
byte[] res_opcode = Opcode;
byte[] res_ModRegRM = new byte[0];
byte[] res_end = new byte[0];
fullyAssembled = true;
if (op1.Imm)
{
UInt64 imm = op1.GetValue(out fullyAssembled, shellcode);
if (shellcode.IsWin64)
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray(imm)).ToArray();
}
else
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray((UInt32)imm)).ToArray();
}
}
else if (op1.Reg && Plusr)
{
// Add register code to the last byte of the opcode and return
res_opcode[res_opcode.Length - 1] = (byte)(res_opcode[res_opcode.Length - 1] + (byte)AssemblyDefines.Registers[op1.GetRegisterName()]);
}
else if (op1.Reg && ModRegRM == byte.MaxValue)
{
// Add register code to the start of the res_reg stream in ModRegRM format
if (res_ModRegRM.Length == 0)
{
byte mod = 0x3;
byte reg1 = (byte)AssemblyDefines.Registers[op1.GetRegisterName()];
res_ModRegRM = new byte[1] { (byte)((byte)(mod << 7) + (byte)(reg1 << 3)) };
}
}
else
{
fullyAssembled = false;
throw new Exception("Opcode Assembler Error: Failed to assemble instruction during processing of first operand with opcode " + MemoryFunctions.ByteArrayToString(Opcode));
}
if (op2.Imm)
{
bool partFullyAssembled = true;
UInt64 imm = op2.GetValue(out partFullyAssembled, shellcode);
if (!partFullyAssembled)
fullyAssembled = false;
if (shellcode.IsWin64)
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray(imm)).ToArray();
}
else
{
res_end = res_end.Concat(MemoryFunctions.ToByteArray((UInt32)imm)).ToArray();
}
}
else if (op2.Reg && Plusr)
{
// Add register code to the last byte of the opcode and return
res_opcode[res_opcode.Length - 1] = (byte)(res_opcode[res_opcode.Length - 1] + (byte)AssemblyDefines.Registers[op1.GetRegisterName()]);
}
else if (op1.Reg && ModRegRM == byte.MaxValue)
{
// Add register code to the start of the res_reg stream in ModRegRM format
if (res_ModRegRM.Length == 1)
{
res_ModRegRM[0] |= (byte)AssemblyDefines.Registers[op1.GetRegisterName()];
}
}
else
{
fullyAssembled = false;
throw new Exception("Opcode Assembler Error: Failed to assemble instruction during processing of second operand with opcode " + MemoryFunctions.ByteArrayToString(Opcode));
}
return res_opcode.Concat(res_ModRegRM).Concat(res_end).ToArray();
}
public UInt64 GetValue(out bool realValue, Shellcode shellcode)
{
if (Imm && _valueName != null)
{
// Return dummy value if variable not resolved
UInt64 value = 0;
realValue = shellcode.GetVariable(_valueName, out value);
return value;
}
realValue = true;
return _value;
}
public bool Assemble(Shellcode parent, Process process, string instruction, UInt64 offset)
{
// Parse this instruction if there is one
Offset = offset;
Size = 0;
Data = null;
HasVariable = false;
VariableIsOffset = false;
FullyAssembled = false;
VariableName = "";
string[] fields = instruction.Split(new char[] { ' ', '\t', ',' }, StringSplitOptions.RemoveEmptyEntries);
if (fields.Length == 1 && fields.Contains(":"))
{
// This is a label. Add it as a variable.
parent.SetVariable(fields[0].Replace(":", ""), offset);
FullyAssembled = true;
}
else
{
// Load the opcode and operands
string opcode = fields[0];
List<Operand> operands = new List<Operand>(fields.Length - 1);
for (int i = 1; i < fields.Length; i++)
operands.Add(new Operand(fields[i]));
// Assemble the instruction now
byte[] bytes;
if (operands.Count < 1)
{
OpcodeAssembler builder = AssemblyDefines.OpcodeAssemblers[new OpcodeDescriptor(opcode)];
bytes = builder.Assemble(out FullyAssembled, parent);
}
else if (operands.Count < 2)
{
OpcodeAssembler builder = AssemblyDefines.OpcodeAssemblers[new OpcodeDescriptor(opcode, operands[0])];
bytes = builder.Assemble(operands[0], out FullyAssembled, parent);
}
else
{
OpcodeAssembler builder = AssemblyDefines.OpcodeAssemblers[new OpcodeDescriptor(opcode, operands[0], operands[1])];
bytes = builder.Assemble(operands[0], operands[1], out FullyAssembled, parent);
}
Data = bytes;
this.Size = bytes.Length;
}
return FullyAssembled;
}
public Instruction(Shellcode parent, Process process, string instruction, UInt64 offset)
{
Assemble( parent, process, instruction, offset);
}
public byte[] Assemble(out bool fullyAssembled, Shellcode shellcode)
{
fullyAssembled = true;
return Opcode;
}
