private void DisassembleAndWrite(ClrMethod method, string message, ArchitectureMode architecture, Translator translator, Reference <ulong> methodAddressRef, TextWriter writer)
{
writer.WriteLine(method.GetFullSignature());
if (message != null)
{
writer.Write(" ; ");
writer.WriteLine(message);
return;
}
var info = FindNonEmptyHotColdInfo(method);
if (info == null)
{
writer.WriteLine(" ; Failed to find HotColdInfo — please report at https://github.com/ashmind/TryRoslyn/issues.");
return;
}
var methodAddress = info.HotStart;
methodAddressRef.Value = methodAddress;
using (var disasm = new Disassembler(new IntPtr(unchecked ((long)methodAddress)), (int)info.HotSize, architecture, methodAddress)) {
foreach (var instruction in disasm.Disassemble())
{
writer.Write(" L");
writer.Write((instruction.Offset - methodAddress).ToString("x4"));
writer.Write(": ");
writer.WriteLine(translator.Translate(instruction));
}
}
}
public async Task Disasamx86x64x16(ArchitectureMode mode, [Remainder] string hex = null)
{
Disassembler.Translator.IncludeBinary = true;
var disasm = new Disassembler(Utilities.HexStringToByteArray(hex.ToString().Replace("\\x", "").Replace("0x", "").Replace(" ", "")), mode, 0, true);
await ReplyAsync($"```x86asm\n{string.Join("\n", disasm.Disassemble())}```");
}
public InstructionData(ulong _address)
{
ArchitectureMode architecture = ArchitectureMode.x86_64;
Disassembler.Translator.IncludeAddress = false;
Disassembler.Translator.IncludeBinary = false;
Instruction[] array = new Disassembler(PS4.ReadMemory(PID, _address, 100), architecture, _address, copyBinaryToInstruction: true, Vendor.Any, 0ul).Disassemble().ToArray();
StringBuilder stringBuilder = new StringBuilder();
Instruction[] bArray = new Disassembler(PS4.ReadMemory(PID, _address - 50, 100), architecture, _address - 50, copyBinaryToInstruction: true, Vendor.Any, 0uL).Disassemble().ToArray();
int num = 0;
try
{
while (true)
{
if (num >= bArray.Length)
{
bAddress = bArray[num].Offset;
}
if (bArray[num].PC == _address)
{
break;
}
num++;
}
int space = 0;
for (int i = 0; i < array.Length; i++)
{
space = 10 - array[i].Bytes.Length;
stringBuilder.AppendLine($"0x{array[i].Offset.ToString("X")} | {BitConverter.ToString(array[i].Bytes).Replace("-", " ")}{new string(' ', space * 5)} | {array[i].ToString()}");
}
}
catch { bAddress = 0; }
Length = array[0].Bytes.Length;
Bytes = array[0].Bytes;
string _SBytes = BitConverter.ToString(array[0].Bytes);
SBytes = _SBytes.Replace("-", " ");
Operation = array[0].ToString();
Address = array[0].Offset;
nAddress = array[1].Offset;
try
{
bAddress = bArray[num].Offset;
}
catch { bAddress = 0; }
fullData = stringBuilder.ToString();
}
public static List <Instruction> GetInstructions(ulong originalOffset, NativeArray <byte> blobData, int offset, int length)
{
Debug.Assert(offset >= 0);
Debug.Assert(length >= 0);
Debug.Assert(blobData.Length >= offset + length);
Disassembler.Translator.IncludeBinary = true;
Disassembler.Translator.IncludeAddress = true;
ArchitectureMode mode = ArchitectureMode.x86_64;
if (IntPtr.Size == 4)
{
mode = ArchitectureMode.x86_32;
}
unsafe
{
var codeStart = (IntPtr)((byte *)blobData.GetUnsafePtr() + offset);
var disasm = new Disassembler(codeStart, length, mode, originalOffset, true, Vendor.Intel);
return(disasm.Disassemble().ToList());
}
}
public override unsafe bool Run(out string disassemly)
{
Compile(_ctx);
string result;
string expected;
IntPtr fp;
int codeSize;
Execute(_ctx.Compile(out fp, out codeSize), out result, out expected);
var tmp = Marshal.AllocHGlobal(codeSize);
Buffer.MemoryCopy((void *)fp, (void *)tmp, codeSize, codeSize);
const ArchitectureMode mode = ArchitectureMode.x86_64;
Disassembler.Translator.IncludeAddress = true;
Disassembler.Translator.IncludeBinary = true;
var disasm = new Disassembler(tmp, codeSize, mode, (ulong)fp.ToInt64(), true);
disassemly = disasm.Disassemble().Aggregate("", (current, insn) => current + insn + Environment.NewLine);
Marshal.FreeHGlobal(tmp);
return(result == expected);
}
public void readTextSection()
{
uint PAddress = 0;
uint PSize = 0;
ArchitectureMode mode = ArchitectureMode.x86_32;
if (_peFile.Is64Bit)
{
mode = ArchitectureMode.x86_64;
}
foreach (var sec in _peFile.ImageSectionHeaders)
{
Name = PeNet.Utilities.FlagResolver.ResolveSectionName(sec.Name);
if (Name == ".text")
{
PAddress = sec.PointerToRawData;
PSize = sec.SizeOfRawData;
byte[] b = FileToByteArray(openFileDialog1.FileName, _peFile, (int)PAddress, (int)PSize);
var disasm = new Disassembler(b, mode, 0, true);
// Disassemble each instruction and output to console
richTextBox1.Text = "";
List <SharpDisasm.Instruction> dis = disasm.DisassembleList();
richTextBox1.Text = "";
progressBar1.Visible = true;
progressBar1.Minimum = 0;
progressBar1.Maximum = dis.Count;
for (int i = 0; i < dis.Count; i++)
{
richTextBox1.AppendText(string.Format("{0:x16} ", (long)_peFile.ImageNtHeaders.OptionalHeader.ImageBase + sec.VirtualAddress + (long)dis[i].Offset) + dis[i].ToString() + "\n");
progressBar1.Value = i;
}
progressBar1.Visible = false;
break;
}
}
}
private void DisassembleTarget(byte[] fileBytes, ArchitectureMode mode)
{
//Debug.WriteLine("[DisassembleTarget]");
log.Log(LogType.Normal, "DisassembleTarget");
// Create the disassembler
using (var disasm = new Disassembler(fileBytes, 1024, mode, this.addr, true, Vendor.Any))
{
var dis = disasm.Disassemble();
var i = dis.Count();
this.fProg.MaxProgress(i);
var o = 0;
// Disassemble each instruction and output to console
foreach (var insn in dis)
{
lock (lockThread)
{
this.WriteDis(Is64 ? insn.Offset.ToString("X16") : insn.Offset.ToString("X8"), toHex(insn.Bytes), insn.ToString(), insn);
this.bw.ReportProgress(o, "Added: " + insn.ToString());
o++;
}
}
}
}
internal Instruction(ref Udis86.ud u, bool keepBinary)
{
this.Offset = u.insn_offset;
this.PC = u.pc;
this.Mnemonic = u.mnemonic;
// Add operands
List<Operand> operands = new List<Operand>(4);
if (u.operand[0].type != Udis86.ud_type.UD_NONE)
{
operands.Add(new Operand(u.operand[0]));
if (u.operand[1].type != Udis86.ud_type.UD_NONE)
{
operands.Add(new Operand(u.operand[1]));
if (u.operand[2].type != Udis86.ud_type.UD_NONE)
{
operands.Add(new Operand(u.operand[2]));
if (u.operand[3].type != Udis86.ud_type.UD_NONE) operands.Add(new Operand(u.operand[3]));
}
}
}
this.Operands = operands.ToArray();
this.Length = u.inp_ctr;
// Copy the instruction bytes
if (keepBinary)
{
this.Bytes = AssemblyCode.CopyToBytes(u.inp_buf, u.inp_buf_index - this.Length, this.Length);
}
if (u.error > 0)
{
this.Error = true;
this.ErrorMessage = u.errorMessage;
}
else if (this.Mnemonic == Udis86.ud_mnemonic_code.UD_Iinvalid)
{
this.Error = true;
this.ErrorMessage = "Invalid instruction";
}
this.itab_entry = u.itab_entry;
this.dis_mode = (ArchitectureMode) u.dis_mode;
this.pfx_rex = u.pfx_rex;
this.pfx_seg = u.pfx_seg;
this.pfx_opr = u.pfx_opr;
this.pfx_adr = u.pfx_adr;
this.pfx_lock = u.pfx_lock;
this.pfx_str = u.pfx_str;
this.pfx_rep = u.pfx_rep;
this.pfx_repe = u.pfx_repe;
this.pfx_repne = u.pfx_repne;
this.opr_mode = u.opr_mode;
this.adr_mode = u.adr_mode;
this.br_far = u.br_far;
this.br_near = u.br_near;
this.have_modrm = u.have_modrm;
this.modrm = u.modrm;
this.primary_opcode = u.primary_opcode;
}
/// <summary>
/// Prepares a new disassembler instance for the code located at the memory address provided. The instructions can then be disassembled with a call to <see cref="Disassemble"/>. The base address used to resolve relative addresses should be provided in <paramref name="address"/>.
/// </summary>
/// <param name="codePtr">A pointer to memory to be disassembled.</param>
/// <param name="codeLength">The maximum length to be disassembled.</param>
/// <param name="architecture">The architecture of the code (e.g. 64-bit, 32-bit or 16-bit).</param>
/// <param name="address">The address of the first byte of code. This value is used to resolve relative addresses into absolute addresses while disassembling.</param>
/// <param name="copyBinaryToInstruction">Keeps a copy of the binary code for the instruction. This will increase the memory usage for each instruction. This is necessary if planning on using the <see cref="Translators.Translator.IncludeBinary"/> option.</param>
/// <param name="vendor">What vendors to support for disassembly, default is Any. Other options are AMD or Intel.</param>
public Disassembler(IntPtr codePtr, int codeLength, ArchitectureMode architecture, ulong address = 0x0, bool copyBinaryToInstruction = false, Vendor vendor = Vendor.Any)
: this(new AssemblyCodeMemory(codePtr, codeLength), architecture, address, copyBinaryToInstruction, vendor)
{
if (codePtr == IntPtr.Zero)
throw new ArgumentOutOfRangeException("codePtr");
if (codeLength <= 0)
throw new ArgumentOutOfRangeException("codeLength", "Code length must be larger than 0.");
}
/// <summary>
/// Prepares a new disassembler instance for the code provided. The instructions can then be disassembled with a call to <see cref="Disassemble"/>. The base address used to resolve relative addresses should be provided in <paramref name="address"/>.
/// </summary>
/// <param name="code">The code to be disassembled</param>
/// <param name="architecture">The target x86 instruction set architecture of the code (e.g. 64-bit, 32-bit or 16-bit).</param>
/// <param name="address">The address of the first byte of code. This value is used to resolve relative addresses into absolute addresses while disassembling.</param>
/// <param name="copyBinaryToInstruction">Keeps a copy of the binary code for the instruction. This will increase the memory usage for each instruction. This is necessary if planning on using the <see cref="Translators.Translator.IncludeBinary"/> option.</param>
/// <param name="vendor">What vendor instructions to support during disassembly, default is Any. Other options are AMD or Intel.</param>
public Disassembler(byte[] code, ArchitectureMode architecture, ulong address = 0x0, bool copyBinaryToInstruction = false, Vendor vendor = Vendor.Any)
: this(new AssemblyCodeArray(code), architecture, address, copyBinaryToInstruction, vendor)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="Disassembler"/> class.
/// </summary>
/// <param name="code">The code.</param>
/// <param name="architecture">The architecture.</param>
/// <param name="address">The address.</param>
/// <param name="copyBinaryToInstruction">if set to <c>true</c> [copy binary to instruction].</param>
/// <param name="vendor">The vendor.</param>
public Disassembler(IAssemblyCode code, ArchitectureMode architecture, ulong address = 0x0, bool copyBinaryToInstruction = false, Vendor vendor = Vendor.Any)
{
this.code = code;
this.Architecture = architecture;
this.Address = address;
this.CopyBinaryToInstruction = copyBinaryToInstruction;
this.Vendor = vendor;
InitUdis86();
}
/// <summary>
/// Prepares a new disassembler instance for the code provided. The instructions can then be disassembled with a call to <see cref="Disassemble"/>. The base address used to resolve relative addresses should be provided in <paramref name="address"/>.
/// </summary>
/// <param name="code">The code to be disassembled</param>
/// <param name="architecture">The target x86 instruction set architecture of the code (e.g. 64-bit, 32-bit or 16-bit).</param>
/// <param name="address">The address of the first byte of code. This value is used to resolve relative addresses into absolute addresses while disassembling.</param>
/// <param name="copyBinaryToInstruction">Keeps a copy of the binary code for the instruction. This will increase the memory usage for each instruction. This is necessary if planning on using the <see cref="Translators.Translator.IncludeBinary"/> option.</param>
/// <param name="vendor">What vendor instructions to support during disassembly, default is Any. Other options are AMD or Intel.</param>
public Disassembler(byte[] code, ArchitectureMode architecture, ulong address = 0x0, bool copyBinaryToInstruction = false, Vendor vendor = Vendor.Any)
{
this.Code = code;
if (code != null)
{
_pinnedCodeArray = new AutoPinner(Code);
this.CodePtr = _pinnedCodeArray;
this.CodeLength = Code.Length;
}
this.Architecture = architecture;
this.Address = address;
this.CopyBinaryToInstruction = copyBinaryToInstruction;
this.Vendor = vendor;
InitUdis86();
}
