public void TestCreate()
{
var disassembler = new CapstoneArm64Disassembler(DisassembleMode.Arm32);
Assert.IsNotNull(disassembler);
Assert.AreEqual(disassembler.Architecture, DisassembleArchitecture.Arm64);
Assert.AreEqual(disassembler.EnableDetails, false);
Assert.AreEqual(disassembler.Mode, DisassembleMode.Arm32);
Assert.AreEqual(disassembler.Syntax, DisassembleSyntaxOptionValue.Default);
}
public void TestCreate()
{
var disassembler = new CapstoneArm64Disassembler(DisassembleMode.Arm32);
Assert.IsNotNull(disassembler);
Assert.AreEqual(disassembler.Architecture, DisassembleArchitecture.Arm64);
Assert.AreEqual(disassembler.EnableDetails, false);
Assert.AreEqual(disassembler.Mode, DisassembleMode.Arm32);
Assert.AreEqual(disassembler.Syntax, DisassembleSyntaxOptionValue.Default);
}
public Arm64Instruction[] DisasmArm64(byte[] bytes)
{
const Arm64DisassembleMode disassembleMode = Arm64DisassembleMode.Arm;
using (CapstoneArm64Disassembler disassembler = CapstoneDisassembler.CreateArm64Disassembler(disassembleMode))
{
disassembler.EnableInstructionDetails = true;
disassembler.DisassembleSyntax = DisassembleSyntax.Intel;
Arm64Instruction[] instructions = disassembler.Disassemble(bytes);
return(instructions);
}
}
public void TestDisassemble()
{
// Create X86 Disassembler.
// Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically
// when it is no longer needed.
using (var disassembler = new CapstoneArm64Disassembler(DisassembleMode.Arm32))
{
Assert.IsNotNull(disassembler);
// Enable Disassemble Details.
// Enables disassemble details, which are disabled by default, to provide more detailed information on
// disassembled binary code.
disassembler.EnableDetails = true;
// Set Disassembler's Syntax.
// Make the disassembler generate instructions in Intel syntax.
disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
// Disassemble All Binary Code.
var code = new byte[] {0x09, 0x00, 0x38, 0xd5, 0xbf, 0x40, 0x00, 0xd5, 0x0c, 0x05, 0x13, 0xd5, 0x20, 0x50, 0x02, 0x0e, 0x20, 0xe4, 0x3d, 0x0f, 0x00, 0x18, 0xa0, 0x5f, 0xa2, 0x00, 0xae, 0x9e, 0x9f, 0x37, 0x03, 0xd5, 0xbf, 0x33, 0x03, 0xd5, 0xdf, 0x3f, 0x03, 0xd5, 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9, 0x20, 0x04, 0x81, 0xda, 0x20, 0x08, 0x02, 0x8b, 0x10, 0x5b, 0xe8, 0x3c};
var instructions = disassembler.DisassembleAll(code, 0x2C);
//Assert.AreEqual(instructions.Length, 2);
}
}
public void TestDisassemble()
{
// Create X86 Disassembler.
// Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically
// when it is no longer needed.
using (var disassembler = new CapstoneArm64Disassembler(DisassembleMode.Arm32))
{
Assert.IsNotNull(disassembler);
// Enable Disassemble Details.
// Enables disassemble details, which are disabled by default, to provide more detailed information on
// disassembled binary code.
disassembler.EnableDetails = true;
// Set Disassembler's Syntax.
// Make the disassembler generate instructions in Intel syntax.
disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
// Disassemble All Binary Code.
var code = new byte[] { 0x09, 0x00, 0x38, 0xd5, 0xbf, 0x40, 0x00, 0xd5, 0x0c, 0x05, 0x13, 0xd5, 0x20, 0x50, 0x02, 0x0e, 0x20, 0xe4, 0x3d, 0x0f, 0x00, 0x18, 0xa0, 0x5f, 0xa2, 0x00, 0xae, 0x9e, 0x9f, 0x37, 0x03, 0xd5, 0xbf, 0x33, 0x03, 0xd5, 0xdf, 0x3f, 0x03, 0xd5, 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9, 0x20, 0x04, 0x81, 0xda, 0x20, 0x08, 0x02, 0x8b, 0x10, 0x5b, 0xe8, 0x3c };
var instructions = disassembler.DisassembleAll(code, 0x2C);
//Assert.AreEqual(instructions.Length, 2);
}
}
/// <summary>
/// Create a ARM64 Disassembler.
/// </summary>
/// <param name="mode">
/// The disassembler's mode.
/// </param>
/// <returns>
/// A capstone disassembler.
/// </returns>
public static CapstoneDisassembler <Arm64Instruction, Arm64Register, Arm64InstructionGroup, Arm64InstructionDetail> CreateArm64Disassembler(DisassembleMode mode)
{
var @object = new CapstoneArm64Disassembler(mode);
return(@object);
}
internal static void ShowArm64()
{
using (CapstoneArm64Disassembler disassembler = new CapstoneArm64Disassembler(DisassembleMode.Arm32)) {
disassembler.EnableDetails = true;
disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
byte[] code = new byte[] {0x09, 0x00, 0x38, 0xd5, 0xbf, 0x40, 0x00, 0xd5, 0x0c, 0x05, 0x13, 0xd5, 0x20, 0x50, 0x02, 0x0e, 0x20, 0xe4, 0x3d, 0x0f, 0x00, 0x18, 0xa0, 0x5f, 0xa2, 0x00, 0xae, 0x9e, 0x9f, 0x37, 0x03, 0xd5, 0xbf, 0x33, 0x03, 0xd5, 0xdf, 0x3f, 0x03, 0xd5, 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9, 0x20, 0x04, 0x81, 0xda, 0x20, 0x08, 0x02, 0x8b, 0x10, 0x5b, 0xe8, 0x3c};
var instructions = disassembler.DisassembleAll(code, 0x2C);
string hexCode = BitConverter.ToString(code).Replace("-", " ");
Console.WriteLine(hexCode);
Console.WriteLine();
foreach (var instruction in instructions) {
Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
Console.WriteLine("\t Id = {0}", instruction.Id);
if (instruction.ArchitectureDetail != null) {
Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);
foreach (var operand in instruction.ArchitectureDetail.Operands) {
string operandValue = null;
switch (operand.Type) {
case Arm64InstructionOperandType.CImmediate:
operandValue = operand.ImmediateValue.Value.ToString("X");
break;
case Arm64InstructionOperandType.FloatingPoint:
operandValue = operand.FloatingPointValue.Value.ToString();
break;
case Arm64InstructionOperandType.Immediate:
operandValue = operand.ImmediateValue.Value.ToString("X");
break;
case Arm64InstructionOperandType.MemoryBarrierOperation:
operandValue = operand.MemoryBarrierOperation.Value.ToString();
break;
case Arm64InstructionOperandType.Memory:
operandValue = "-->";
break;
case Arm64InstructionOperandType.MrsRegister:
operandValue = operand.MrsRegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.MsrRegister:
operandValue = operand.MsrRegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.PState:
operandValue = operand.PState.Value.ToString();
break;
case Arm64InstructionOperandType.PrefetchOperation:
operandValue = operand.PrefetchOperation.Value.ToString();
break;
case Arm64InstructionOperandType.Register:
operandValue = operand.RegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.SysOperation:
operandValue = "-->";
break;
}
Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);
if (operand.Type == Arm64InstructionOperandType.Memory) {
Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
Console.WriteLine();
}
if (operand.Type == Arm64InstructionOperandType.SysOperation) {
operandValue = null;
switch (instruction.Id) {
case Arm64Instruction.AT:
operandValue = operand.AtInstructionOperation.ToString();
break;
case Arm64Instruction.DC:
operandValue = operand.DcInstructionOperation.ToString();
break;
case Arm64Instruction.IC:
operandValue = operand.IcInstructionOperation.ToString();
break;
case Arm64Instruction.TLBI:
operandValue = operand.TlbiInstructionOperation.ToString();
break;
}
Console.WriteLine("\t\t\t SYS Operation = {0}", operandValue);
Console.WriteLine();
}
Console.WriteLine("\t\t\t Extender = {0}", operand.Extender);
Console.WriteLine("\t\t\t Shifter = -->");
Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);
Console.WriteLine("\t\t\t Vector Arrangement Specifier = {0}", operand.VectorArrangementSpecifier);
Console.WriteLine("\t\t\t Vector Element Size Specifier = {0}", operand.VectorElementSizeSpecifier);
Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
}
Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
}
Console.WriteLine();
}
}
}
internal static void ShowArm64()
{
using (CapstoneArm64Disassembler disassembler = new CapstoneArm64Disassembler(DisassembleMode.Arm32)) {
disassembler.EnableDetails = true;
disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
byte[] code = new byte[] { 0x09, 0x00, 0x38, 0xd5, 0xbf, 0x40, 0x00, 0xd5, 0x0c, 0x05, 0x13, 0xd5, 0x20, 0x50, 0x02, 0x0e, 0x20, 0xe4, 0x3d, 0x0f, 0x00, 0x18, 0xa0, 0x5f, 0xa2, 0x00, 0xae, 0x9e, 0x9f, 0x37, 0x03, 0xd5, 0xbf, 0x33, 0x03, 0xd5, 0xdf, 0x3f, 0x03, 0xd5, 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9, 0x20, 0x04, 0x81, 0xda, 0x20, 0x08, 0x02, 0x8b, 0x10, 0x5b, 0xe8, 0x3c };
var instructions = disassembler.DisassembleAll(code, 0x2C);
string hexCode = BitConverter.ToString(code).Replace("-", " ");
Console.WriteLine(hexCode);
Console.WriteLine();
foreach (var instruction in instructions)
{
Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
Console.WriteLine("\t Id = {0}", instruction.Id);
if (instruction.ArchitectureDetail != null)
{
Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);
foreach (var operand in instruction.ArchitectureDetail.Operands)
{
string operandValue = null;
switch (operand.Type)
{
case Arm64InstructionOperandType.CImmediate:
operandValue = operand.ImmediateValue.Value.ToString("X");
break;
case Arm64InstructionOperandType.FloatingPoint:
operandValue = operand.FloatingPointValue.Value.ToString();
break;
case Arm64InstructionOperandType.Immediate:
operandValue = operand.ImmediateValue.Value.ToString("X");
break;
case Arm64InstructionOperandType.MemoryBarrierOperation:
operandValue = operand.MemoryBarrierOperation.Value.ToString();
break;
case Arm64InstructionOperandType.Memory:
operandValue = "-->";
break;
case Arm64InstructionOperandType.MrsRegister:
operandValue = operand.MrsRegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.MsrRegister:
operandValue = operand.MsrRegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.PState:
operandValue = operand.PState.Value.ToString();
break;
case Arm64InstructionOperandType.PrefetchOperation:
operandValue = operand.PrefetchOperation.Value.ToString();
break;
case Arm64InstructionOperandType.Register:
operandValue = operand.RegisterValue.Value.ToString();
break;
case Arm64InstructionOperandType.SysOperation:
operandValue = "-->";
break;
}
Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);
if (operand.Type == Arm64InstructionOperandType.Memory)
{
Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
Console.WriteLine();
}
if (operand.Type == Arm64InstructionOperandType.SysOperation)
{
operandValue = null;
switch (instruction.Id)
{
case Arm64Instruction.AT:
operandValue = operand.AtInstructionOperation.ToString();
break;
case Arm64Instruction.DC:
operandValue = operand.DcInstructionOperation.ToString();
break;
case Arm64Instruction.IC:
operandValue = operand.IcInstructionOperation.ToString();
break;
case Arm64Instruction.TLBI:
operandValue = operand.TlbiInstructionOperation.ToString();
break;
}
Console.WriteLine("\t\t\t SYS Operation = {0}", operandValue);
Console.WriteLine();
}
Console.WriteLine("\t\t\t Extender = {0}", operand.Extender);
Console.WriteLine("\t\t\t Shifter = -->");
Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);
Console.WriteLine("\t\t\t Vector Arrangement Specifier = {0}", operand.VectorArrangementSpecifier);
Console.WriteLine("\t\t\t Vector Element Size Specifier = {0}", operand.VectorElementSizeSpecifier);
Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
}
Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
}
Console.WriteLine();
}
}
}