public static bool DecomposeFormatTest2()
{
string actualOutput = string.Empty;
GCHandle gch = GCHandle.Alloc(Program.code2, GCHandleType.Pinned);
// Prepare the _CodeInfo structure for decomposition.
Distorm.CodeInfo ci = new Distorm.CodeInfo();
ci.codeLen = Program.code2.Length;
ci.code = gch.AddrOfPinnedObject();
ci.codeOffset = 0xFFBAB9D0;
ci.dt = Distorm.DecodeType.Decode64Bits;
ci.features = Distorm.DecomposeFeatures.NONE;
// Prepare the result instruction buffer to receive the decomposition.
Distorm.DInst[] result = new Distorm.DInst[Program.code2.Length];
uint usedInstructionsCount = 0;
// Perform the decomposition.
Distorm.DecodeResult r =
Distorm.distorm_decompose(ref ci, result, (uint)result.Length, ref usedInstructionsCount);
// Release the handle pinned to the code.
gch.Free();
// Return false if an error occured during decomposition.
if (!r.Equals(Distorm.DecodeResult.SUCCESS))
{
return(false);
}
Array.Resize(ref result, (int)usedInstructionsCount);
return(VerifyDecomposition2(result));
}
/// <summary>
/// Tests both the distorm_decompose and distorm_format functions.
/// </summary>
/// <returns>Returns true if both tests passed.</returns>
public static bool DecomposeFormatTest()
{
string expectedOutput = "push ebp\n" +
"mov ebp, esp\n" +
"mov eax, [ebp+0x8]\n" +
"add eax, [ebp+0xc]\n" +
"leave\n" +
"ret\n";
string actualOutput = string.Empty;
GCHandle gch = GCHandle.Alloc(Program.code, GCHandleType.Pinned);
// Prepare the _CodeInfo structure for decomposition.
Distorm.CodeInfo ci = new Distorm.CodeInfo();
ci.codeLen = Program.code.Length;
ci.code = gch.AddrOfPinnedObject();
ci.codeOffset = 0;
ci.dt = Distorm.DecodeType.Decode32Bits;
ci.features = Distorm.DecomposeFeatures.NONE;
// Prepare the result instruction buffer to receive the decomposition.
Distorm.DInst[] result = new Distorm.DInst[Program.code.Length];
uint usedInstructionsCount = 0;
// Perform the decomposition.
Distorm.DecodeResult r =
Distorm.distorm_decompose(ref ci, result, (uint)result.Length, ref usedInstructionsCount);
// Release the handle pinned to the code.
gch.Free();
// Return false if an error occured during decomposition.
if (!r.Equals(Distorm.DecodeResult.SUCCESS))
{
return(false);
}
// Prepare a _DecodedInst structure for formatting the results.
Distorm.DecodedInst inst = new Distorm.DecodedInst();
for (uint i = 0; i < usedInstructionsCount; ++i)
{
// Format the results of the decomposition.
Distorm.distorm_format(ref ci, ref result[i], ref inst);
// Add it to the buffer to be verified.
if (string.IsNullOrEmpty(inst.Operands))
{
actualOutput += inst.Mnemonic + "\n";
}
else
{
actualOutput += inst.Mnemonic + " " + inst.Operands + "\n";
}
}
return(expectedOutput.Equals(actualOutput));
}
/// <summary>
/// Tests the DistormSimple.distorm_decompose() function.
/// </summary>
/// <returns>Returns true if the test passed.</returns>
public static bool DecomposeOnlyTest()
{
GCHandle gch = GCHandle.Alloc(Program.code, GCHandleType.Pinned);
Distorm.CodeInfo ci = new Distorm.CodeInfo();
ci.codeLen = Program.code.Length;
ci.code = gch.AddrOfPinnedObject();
ci.codeOffset = 0;
ci.dt = Distorm.DecodeType.Decode32Bits;
ci.features = Distorm.DecomposeFeatures.NONE;
Distorm.DInst[] result = new Distorm.DInst[Program.code.Length];
uint usedInstructionsCount = 0;
Distorm.DecodeResult r =
Distorm.distorm_decompose(ref ci, result, (uint)result.Length, ref usedInstructionsCount);
// Release the handle pinned to the code.
gch.Free();
// Return false if an error occured during decomposition.
if (!r.Equals(Distorm.DecodeResult.SUCCESS))
{
return(false);
}
if (usedInstructionsCount < 6)
{
return(false);
}
// Manually check each instruction.
if (result[0].InstructionType != Distorm.InstructionType.PUSH ||
result[0].ops[0].RegisterName != "ebp")
{
return(false);
}
else if (result[1].InstructionType != Distorm.InstructionType.MOV ||
result[1].ops[0].RegisterName != "ebp" ||
result[1].ops[1].RegisterName != "esp")
{
return(false);
}
else if (result[2].InstructionType != Distorm.InstructionType.MOV ||
result[2].ops[0].RegisterName != "eax" ||
result[2].ops[1].type != Distorm.OperandType.SMEM ||
result[2].ops[1].RegisterName != "ebp" ||
result[2].disp != 0x8)
{
return(false);
}
else if (result[3].InstructionType != Distorm.InstructionType.ADD ||
result[3].ops[0].RegisterName != "eax" ||
result[3].ops[1].type != Distorm.OperandType.SMEM ||
result[3].ops[1].RegisterName != "ebp" ||
result[3].disp != 0xc)
{
return(false);
}
else if (result[4].InstructionType != Distorm.InstructionType.LEAVE)
{
return(false);
}
else if (result[5].InstructionType != Distorm.InstructionType.RET)
{
return(false);
}
return(true);
}