public IntPtr GetNativeFunctionPointer()
{
if (HasStableEntryPoint() == false)
{
return(IntPtr.Zero);
}
IntPtr ptrEntry = GetFunctionPointer();
if (ptrEntry == IntPtr.Zero)
{
return(IntPtr.Zero);
}
SharpDisasm.ArchitectureMode mode = (IntPtr.Size == 8) ? SharpDisasm.ArchitectureMode.x86_64 : SharpDisasm.ArchitectureMode.x86_32;
SharpDisasm.Disassembler.Translator.IncludeAddress = false;
SharpDisasm.Disassembler.Translator.IncludeBinary = false;
{
byte[] buf = ptrEntry.ReadBytes(NativeMethods.MaxLengthOpCode);
var disasm = new SharpDisasm.Disassembler(buf, mode, (ulong)ptrEntry.ToInt64());
Instruction inst = disasm.Disassemble().First();
if (inst.Mnemonic == SharpDisasm.Udis86.ud_mnemonic_code.UD_Ijmp)
{
// Visual Studio + F5 Debug = Always point to "Fixup Precode"
long address = (long)inst.PC + inst.Operands[0].Value;
return(new IntPtr(address));
}
else
{
return(ptrEntry);
}
}
}
private SharpDisasm.Disassembler createDisassembler(byte[] code)
{
SharpDisasm.ArchitectureMode mode = SharpDisasm.ArchitectureMode.x86_32;
// Configure the translator to output instruction addresses and instruction binary as hex
SharpDisasm.Disassembler.Translator.IncludeAddress = true;
SharpDisasm.Disassembler.Translator.IncludeBinary = true;
// Create the disassembler
return(new SharpDisasm.Disassembler(
code,
mode, 0, true, instructionFactory: new AssemblyInstructionForTransformationFactory()));
}
private static void OutputAssembly(byte[] codeBuffer, PeFile peFile)
{
fileCounter++;
SharpDisasm.ArchitectureMode mode = SharpDisasm.ArchitectureMode.x86_32;
// Configure the translator to output instruction addresses and instruction binary as hex
SharpDisasm.Disassembler.Translator.IncludeAddress = true;
SharpDisasm.Disassembler.Translator.IncludeBinary = true;
// Create the disassembler
var disasm = new SharpDisasm.Disassembler(
codeBuffer,
mode, 0, true);
using (System.IO.StreamWriter file =
new System.IO.StreamWriter("AssemblerOutput" + fileCounter.ToString() + ".txt"))
{
SharpDisasm.Instruction instruction = null;
var instructionEnum = disasm.Disassemble().GetEnumerator();
foreach (var relocationDirectory in peFile.ImageRelocationDirectory)
{
foreach (var relocationOffset in relocationDirectory.TypeOffsets)
{
// Disassemble each instruction and output to console
while (instructionEnum.MoveNext() &&
(instruction = instructionEnum.Current) != null &&
!IsOffsetInInstruction(instruction, relocationOffset))
{
file.WriteLine(instruction.ToString());
}
if (instruction != null)
{
file.WriteLine(instruction.ToString() + " Relocation Address: " + relocationOffset.Offset.ToString("X"));
}
}
}
}
}