Ejemplo n.º 1
0
        public static unsafe DecomposedInstruction FromUnsafe(DecomposedInstructionStruct* srcInst)
        {
            var di = new DecomposedInstruction {
            Address = srcInst->Address,
            Flags = srcInst->Flags,
            Size = srcInst->Size,
            _segment = srcInst->segment,
            Base = srcInst->ibase,
            Scale = srcInst->scale,
            Opcode = srcInst->Opcode,
            UnusedPrefixesMask = srcInst->UnusedPrefixesMask,
            Meta = srcInst->meta,
            RegistersMask = srcInst->UsedRegistersMask,
            ModifiedFlagsMask = srcInst->modifiedFlagsMask,
            TestedFlagsMask = srcInst->testedFlagsMask,
            UndefinedFlagsMask = srcInst->undefinedFlagsMask
              };

              /* Simple fields: */

              /* Immediate variant. */
              var immVariant = new ImmVariant {
            ImmediateValue = srcInst->ImmediateValue,
            Size = 0
              };
              /* The size of the immediate is in one of the operands, if at all. Look for it below. Zero by default. */

              /* Count operands. */
              var operandsNo = 0;
              for (operandsNo = 0; operandsNo < DecomposedInstructionStruct.OPERANDS_NO; operandsNo++)
              {
            if (srcInst->Operands[operandsNo].Type == OperandType.None)
              break;
              }

              var ops = new Operand[operandsNo];

              for (var j = 0; j < operandsNo; j++)
              {
            var srcOp = srcInst->Operands[j];
            if (srcOp.Type == OperandType.Immediate)
            {
              /* Set the size of the immediate operand. */
              immVariant.Size = srcInst->Operands[j].Size;
            }

            var op = new Operand
            {
              Type = srcOp.Type,
              Index = srcOp.index,
              Size = srcOp.Size
            };

            ops[j] = op;
              }
              di.Operands = ops;

              /* Attach the immediate variant. */
              di.ImmediateValue = immVariant;

              /* Displacement variant. */
              var disp = new DispVariant
              {
            Displacement = srcInst->Displacement,
            Size = srcInst->dispSize
              };

              di.Displacement = disp;
              return di;
        }
Ejemplo n.º 2
0
        public static unsafe DecodedInstruction Format(CodeInfo nci, DecomposedInstruction ndi)
        {
            var                input = new DecomposedInstructionStruct();
            CodeInfoStruct *   ci    = null;
            var                gch   = new GCHandle();
            DecodedInstruction di;

            try
            {
                ci = AcquireCodeInfoStruct(nci, out gch);
                if (ci == null)
                {
                    throw new OutOfMemoryException();
                }

                input.Address = ndi.Address;
                input.Flags   = ndi.Flags;
                input.Size    = (byte)ndi.Size;
                input.segment = (byte)ndi._segment;
                input.ibase   = (byte)ndi.Base;
                input.scale   = (byte)ndi.Scale;
                input.Opcode  = ndi.Opcode;
                /* unusedPrefixesMask is unused indeed, lol. */
                input.meta = (byte)ndi.Meta;
                /* Nor usedRegistersMask. */

                int opsCount = ndi.Operands.Length;
                for (var i = 0; i < opsCount; i++)
                {
                    var op = ndi.Operands[i];
                    if (op == null)
                    {
                        continue;
                    }
                    input.Operands[i].index = (byte)op.Index;
                    input.Operands[i].Type  = op.Type;
                    input.Operands[i].Size  = (ushort)op.Size;
                }

                if (ndi.ImmediateValue != null)
                {
                    input.ImmediateValue = ndi.ImmediateValue.ImmediateValue;
                }

                if (ndi.Displacement != null)
                {
                    input.Displacement = ndi.Displacement.Displacement;
                    input.dispSize     = (byte)ndi.Displacement.Size;
                }

                DecodedInstructionStruct output;
                distorm_format64(ci, &input, &output);

                di = DecodedInstruction.FromUnsafe(&output);
            }
            finally
            {
                if (gch.IsAllocated)
                {
                    gch.Free();
                }
                if (ci != null)
                {
                    Free(ci);
                }
            }
            return(di);
        }
Ejemplo n.º 3
0
        public static unsafe DecomposedInstruction FromUnsafe(DecomposedInstructionStruct *srcInst)
        {
            var di = new DecomposedInstruction {
                Address            = srcInst->Address,
                Flags              = srcInst->Flags,
                Size               = srcInst->Size,
                _segment           = srcInst->segment,
                Base               = srcInst->ibase,
                Scale              = srcInst->scale,
                Opcode             = srcInst->Opcode,
                UnusedPrefixesMask = srcInst->UnusedPrefixesMask,
                Meta               = srcInst->meta,
                RegistersMask      = srcInst->UsedRegistersMask,
                ModifiedFlagsMask  = srcInst->modifiedFlagsMask,
                TestedFlagsMask    = srcInst->testedFlagsMask,
                UndefinedFlagsMask = srcInst->undefinedFlagsMask
            };

            /* Simple fields: */

            /* Immediate variant. */
            var immVariant = new ImmVariant {
                ImmediateValue = srcInst->ImmediateValue,
                Size           = 0
            };
            /* The size of the immediate is in one of the operands, if at all. Look for it below. Zero by default. */

            /* Count operands. */
            var operandsNo = 0;

            for (operandsNo = 0; operandsNo < DecomposedInstructionStruct.OPERANDS_NO; operandsNo++)
            {
                if (srcInst->Operands[operandsNo].Type == OperandType.None)
                {
                    break;
                }
            }

            var ops = new Operand[operandsNo];

            for (var j = 0; j < operandsNo; j++)
            {
                var srcOp = srcInst->Operands[j];
                if (srcOp.Type == OperandType.Immediate)
                {
                    /* Set the size of the immediate operand. */
                    immVariant.Size = srcInst->Operands[j].Size;
                }

                var op = new Operand
                {
                    Type  = srcOp.Type,
                    Index = srcOp.index,
                    Size  = srcOp.Size
                };

                ops[j] = op;
            }
            di.Operands = ops;

            /* Attach the immediate variant. */
            di.ImmediateValue = immVariant;

            /* Displacement variant. */
            var disp = new DispVariant
            {
                Displacement = srcInst->Displacement,
                Size         = srcInst->dispSize
            };

            di.Displacement = disp;
            return(di);
        }
Ejemplo n.º 4
0
        public static unsafe DecodedInstruction Format(CodeInfo nci, DecomposedInstruction ndi)
        {
            var input = new DecomposedInstructionStruct();
              CodeInfoStruct *ci = null;
              var gch = new GCHandle();
              DecodedInstruction di;

              try
              {
            ci = AcquireCodeInfoStruct(nci, out gch);
            if (ci == null)
              throw new OutOfMemoryException();

            input.Address = ndi.Address;
            input.Flags = ndi.Flags;
            input.Size = (byte) ndi.Size;
            input.segment = (byte) ndi._segment;
            input.ibase = (byte) ndi.Base;
            input.scale = (byte) ndi.Scale;
            input.Opcode = ndi.Opcode;
            /* unusedPrefixesMask is unused indeed, lol. */
            input.meta = (byte) ndi.Meta;
            /* Nor usedRegistersMask. */

            int opsCount = ndi.Operands.Length;
            for (var i = 0; i < opsCount; i++) {
              var op = ndi.Operands[i];
              if (op == null) continue;
              input.Operands[i].index = (byte) op.Index;
              input.Operands[i].Type = op.Type;
              input.Operands[i].Size = (ushort) op.Size;
            }

            if (ndi.ImmediateValue != null)
              input.ImmediateValue = ndi.ImmediateValue.ImmediateValue;

            if (ndi.Displacement != null)
            {
              input.Displacement = ndi.Displacement.Displacement;
              input.dispSize = (byte) ndi.Displacement.Size;
            }

            DecodedInstructionStruct output;
            distorm_format64(ci, &input, &output);

            di = DecodedInstruction.FromUnsafe(&output);
              }
              finally
              {
            if (gch.IsAllocated)
              gch.Free();
            if (ci != null)
              Free(ci);
              }
              return di;
        }