Ejemplo n.º 1
0
 private IntelInstruction Disassemble64(params byte[] bytes)
 {
     var img = new LoadedImage(Address.Ptr64(0x10000), bytes);
     var rdr = img.CreateLeReader(img.BaseAddress);
     var dasm = new X86Disassembler(rdr, PrimitiveType.Word32, PrimitiveType.Word64, true);
     return dasm.First();
 }
Ejemplo n.º 2
0
 private IntelInstruction Disassemble16(params byte[] bytes)
 {
     LoadedImage img = new LoadedImage(Address.SegPtr(0xC00, 0), bytes);
     ImageReader rdr = img.CreateLeReader(img.BaseAddress);
     var dasm = new X86Disassembler(rdr, PrimitiveType.Word16, PrimitiveType.Word16, false);
     return dasm.First();
 }
Ejemplo n.º 3
0
 private X86Instruction Disassemble32(params byte[] bytes)
 {
     var img = new LoadedImage(Address.Ptr32(0x10000), bytes);
     var rdr = img.CreateLeReader(img.BaseAddress);
     var dasm = new X86Disassembler(ProcessorMode.Protected32, rdr, PrimitiveType.Word32, PrimitiveType.Word32, false);
     return dasm.First();
 }
Ejemplo n.º 4
0
 private void RunTest(string sExp, params byte[] bytes)
 {
     var image = new LoadedImage(Address.Ptr32(0x0100000), bytes);
     var dasm = new CilDisassembler(image.CreateLeReader(0)).GetEnumerator();
     Assert.IsTrue(dasm.MoveNext());
     var instr = dasm.Current;
     Assert.AreEqual(sExp, instr.ToString());
 }
Ejemplo n.º 5
0
 private void CreateDisassembler32(LoadedImage image)
 {
     dasm = new X86Disassembler(
         image.CreateLeReader(image.BaseAddress),
         PrimitiveType.Word32,
         PrimitiveType.Word32,
         false);
 }
Ejemplo n.º 6
0
 private void CreateDisassembler16(LoadedImage image)
 {
     dasm = new X86Disassembler(
         ProcessorMode.Real,
         image.CreateLeReader(image.BaseAddress),
         PrimitiveType.Word16,
         PrimitiveType.Word16,
         false);
 }
Ejemplo n.º 7
0
 protected MachineInstruction Disassemble(uint instr)
 {
     var image = new LoadedImage(Address.Ptr32(0x00100000), new byte[4]);
     LeImageWriter w = new LeImageWriter(image.Bytes);
     w.WriteLeUInt32(0, instr);
     var arch = CreateArchitecture();
     var dasm = CreateDisassembler(arch, image.CreateLeReader(0));
     Assert.IsTrue(dasm.MoveNext());
     return dasm.Current;
 }
Ejemplo n.º 8
0
 protected MachineInstruction DisassembleBits(string bitPattern)
 {
     var image = new LoadedImage(Address.Ptr32(0x00100000), new byte[4]);
     LeImageWriter w = new LeImageWriter(image.Bytes);
     uint instr = ParseBitPattern(bitPattern);
     w.WriteLeUInt32(0, instr);
     var b = image.Bytes;
     Debug.Print("Instruction bytes: {0:X2} {1:X2} {2:X2} {3:X2}", b[0], b[1], b[2], b[3]);
     var arch = CreateArchitecture();
     var dasm = arch.CreateDisassembler(image.CreateLeReader(0));
     return dasm.First();
 }
Ejemplo n.º 9
0
 protected MachineInstruction Disassemble16(params ushort[] instrs)
 {
     var image = new LoadedImage(Address.Ptr32(0x00100000), new byte[4]);
     LeImageWriter w = new LeImageWriter(image.Bytes);
     foreach (var instr in instrs)
     {
         w.WriteLeUInt16(instr);
     }
     var arch = CreateArchitecture();
     var dasm = CreateDisassembler(arch, image.CreateLeReader(0));
     Assert.IsTrue(dasm.MoveNext());
     var armInstr = dasm.Current;
     dasm.Dispose();
     return armInstr;
 }
Ejemplo n.º 10
0
 protected static Arm32Instruction Disassemble(byte[] bytes)
 {
     var image = new LoadedImage(Address.Ptr32(0x00100000), bytes);
     var dasm = new Arm32Disassembler(new Arm32ProcessorArchitecture(), image.CreateLeReader(0));
     return dasm.First();
 }
Ejemplo n.º 11
0
 public void X86Dis_RelocatedSegment()
 {
     byte[] image = new byte[] { 0x2E, 0xC7, 0x06, 0x01, 0x00, 0x00, 0x08 }; // mov cs:[0001],0800
     LoadedImage img = new LoadedImage(Address.SegPtr(0x900, 0), image);
     img.Relocations.AddSegmentReference(5, 0x0800);
     ImageReader rdr = img.CreateLeReader(img.BaseAddress);
     CreateDisassembler16(rdr);
     X86Instruction instr = dasm.First();
     Assert.AreEqual("mov\tword ptr cs:[0001],0800", instr.ToString());
     Assert.AreEqual("selector", instr.op2.Width.ToString());
 }
Ejemplo n.º 12
0
 public void X86Dis_RelocatedOperand()
 {
     byte[] image = new byte[] { 0xB8, 0x78, 0x56, 0x34, 0x12 };	// mov eax,0x12345678
     LoadedImage img = new LoadedImage(Address.Ptr32(0x00100000), image);
     img.Relocations.AddPointerReference(0x00100001ul - img.BaseAddress.ToLinear(), 0x12345678);
     ImageReader rdr = img.CreateLeReader(img.BaseAddress);
     X86Disassembler dasm = new X86Disassembler(
         ProcessorMode.Protected32,
         rdr,
         PrimitiveType.Word32,
         PrimitiveType.Word32,
         false);
     X86Instruction instr = dasm.First();
     Assert.AreEqual("mov\teax,12345678", instr.ToString());
     Assert.AreEqual("ptr32", instr.op2.Width.ToString());
 }
Ejemplo n.º 13
0
        //[Test]
        public void ThumbRw_regression()
        {
            var code = ThumbBlock
                .Replace("\r\n", "\n")
                .Split('\n')
                .Select(s => s.Trim())
                .Where(s => !string.IsNullOrEmpty(s))
                .SelectMany(s =>
                {
                    var ss = s.Split(':')[1]
                    .Trim()
                    .Remove(9)
                    .Replace(" ", "");
                    return ss.Length == 8
                        ? new[] { ss.Substring(0, 4), ss.Substring(4, 4) }
                        : new[] { ss.Substring(0, 4) };
                })
                .Select(s => Convert.ToUInt16(s, 16))
                .SelectMany(s => new byte[] {
					(byte) s,
					(byte) (s >> 8)
				})
                .ToArray();
            var image = new LoadedImage(Address.Ptr32(0x00401000), code);
            var rw = new ThumbRewriter(arch, image.CreateLeReader(0), new ArmProcessorState(arch), arch.CreateFrame(), new FakeRewriterHost());
            {
                foreach (var rtc in rw)
                {
                    Console.WriteLine(rtc.Address);
                    foreach (var rtl in rtc.Instructions)
                    {
                        Console.WriteLine("    {0}", rtl);
                    }
                }
            }
        }