public bool Disassemble(Distorm.DecodeType decodeType)
{
if (this.Data.Length == 0)
{
return false;
}
if (this.InstructionsDisassembled.Count != 0)
{
this.InstructionsDisassembled = Distorm.Disassemble(this.Data, (ulong)Address.ToInt64(), decodeType);
if (this.InstructionsDisassembled.Count == 0)
{
return false;
}
}
if (this.InstructionsDecomposed.Length != 0)
{
this.InstructionsDecomposed = Distorm.Decompose(this.Data, (ulong)Address.ToInt64(), decodeType);
if (this.InstructionsDecomposed.Length == 0)
{
return false;
}
}
return true;
}
public static bool VerifyDecomposition2(Distorm.DInst[] result)
{
string expectedOutput = "mov [rsp+0x8], rsi\n" +
"mov [rsp+0x10], rdi\n" +
"push r12\n" +
"sub rsp, 0xb0\n" +
"and dword [rsp+0x20], 0x0\n" +
"lea rcx, [rsp+0x40]\n" +
"call qword [0xffbf2288]\n" +
"lea rdx, [rdi-0x18]\n";
if (result.Length < 7)
{
return false;
}
List<string> instructions = new List<string>();
foreach (Distorm.DInst inst in result)
{
instructions.Add(inst.ToString());
}
//List<string> instructions2 = Distorm.Disassemble(Program.code2, 0xFFBAB9D0, Distorm.DecodeType.Decode64Bits);
return expectedOutput.Equals(string.Join("\n", instructions) + "\n");
}
/// <summary>
/// Tests the decomposition of a resulting array that has parsed the test code in this class.
/// </summary>
/// <param name="result">The parsed results.</param>
/// <returns>Returns true if the results have been parsed as expected.</returns>
public static bool VerifyDecomposition(Distorm.DInst[] result)
{
if (result.Length < 6)
{
return false;
}
// Manually check each instruction.
if (result[0].InstructionType != Distorm.InstructionType.PUSH ||
result[0].ops[0].RegisterName != "ebp")
{
return false;
}
else if (result[1].InstructionType != Distorm.InstructionType.MOV ||
result[1].ops[0].RegisterName != "ebp" ||
result[1].ops[1].RegisterName != "esp")
{
return false;
}
else if (result[2].InstructionType != Distorm.InstructionType.MOV ||
result[2].ops[0].RegisterName != "eax" ||
result[2].ops[1].type != Distorm.OperandType.SMEM ||
result[2].ops[1].RegisterName != "ebp" ||
result[2].disp != 0x8)
{
return false;
}
else if (result[3].InstructionType != Distorm.InstructionType.ADD ||
result[3].ops[0].RegisterName != "eax" ||
result[3].ops[1].type != Distorm.OperandType.SMEM ||
result[3].ops[1].RegisterName != "ebp" ||
result[3].disp != 0xc)
{
return false;
}
else if (result[4].InstructionType != Distorm.InstructionType.LEAVE)
{
return false;
}
else if (result[5].InstructionType != Distorm.InstructionType.RET)
{
return false;
}
return true;
}