/// <summary>
/// Create a Disassembler.
/// </summary>
/// <param name="architecture">
/// The disassembler's architecture.
/// </param>
/// <param name="mode">
/// The disassembler's mode.
/// </param>
protected CapstoneDisassembler(DisassembleArchitecture architecture, DisassembleMode mode)
{
this._architecture = architecture;
this._mode = mode;
this._handle = NativeCapstone.Create(this._architecture, this._mode);
this.EnableDetails = false;
this.Syntax = DisassembleSyntaxOptionValue.Default;
}
/// <summary>
/// Build an Instruction.
/// </summary>
/// <param name="disassembler">
/// A disassembler.
/// </param>
/// <param name="hInstruction">
/// An instruction handle.
/// </param>
internal virtual void Build(CapstoneDisassembler disassembler, NativeInstructionHandle hInstruction)
{
// ...
//
// Throws an exception if the operation fails.
var nativeInstruction = NativeCapstone.GetInstruction(hInstruction);
this.Address = nativeInstruction.Address;
this.DisassembleArchitecture = disassembler.DisassembleArchitecture;
this.DisassembleMode = this.CreateDisassembleMode(disassembler.NativeDisassembleMode);
this.Id = this.CreateId(nativeInstruction.Id);
this.IsSkippedData = disassembler.EnableSkipDataMode && !(nativeInstruction.Id > 0);
this.Mnemonic = !CapstoneDisassembler.IsDietModeEnabled ? nativeInstruction.Mnemonic : null;
this.Operand = !CapstoneDisassembler.IsDietModeEnabled ? nativeInstruction.Operand : null;
// ...
//
// ...
SetBytes(this, ref nativeInstruction);
SetDetails(this, disassembler, hInstruction, ref nativeInstruction);
// <summary>
// Set Instruction's Machine Bytes.
// </summary>
void SetBytes(InstructionBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TId, TRegister, TRegisterId> @this, ref NativeInstruction cNativeInstruction)
{
@this.Bytes = new byte[0];
if (cNativeInstruction.Id >= 0)
{
@this.Bytes = new byte[cNativeInstruction.Size];
for (var cI = 0; cI < @this.Bytes.Length; cI++)
{
@this.Bytes[cI] = cNativeInstruction.Bytes[cI];
}
}
}
// <summary>
// Set Instruction's Details.
// </summary>
void SetDetails(InstructionBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, NativeInstructionHandle cHInstruction, ref NativeInstruction cNativeInstruction)
{
var cHasDetails = cNativeInstruction.Details != IntPtr.Zero;
var cIsInstructionDetailsEnabled = cDisassembler.EnableInstructionDetails;
@this.Details = null;
if (cHasDetails && cIsInstructionDetailsEnabled && cNativeInstruction.Id > 0)
{
@this.Details = @this.CreateDetails(cDisassembler, cHInstruction);
}
}
}
/// <summary>
/// Create a Native Capstone.
/// </summary>
static NativeCapstone()
{
OperatingSystem os = Environment.OSVersion;
PlatformID pid = os.Platform;
switch (pid)
{
case PlatformID.Win32NT:
case PlatformID.Win32S:
case PlatformID.Win32Windows:
case PlatformID.WinCE:
NativeCapstone.LoadLibrary();
break;
}
}
/// <summary>
/// Disable Disassemble Details Option.
/// </summary>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the disassemble details option could not be disabled.
/// </exception>
public static void DisableDetailOption(SafeCapstoneHandle handle)
{
NativeCapstone.SetDisassembleDetails(handle, false);
}
/// <summary>
/// Enable Intel Disassemble Syntax Option.
/// </summary>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the disassemble syntax option could not be set.
/// </exception>
public static void EnableIntelDisassembleSyntaxOption(SafeCapstoneHandle handle)
{
NativeCapstone.SetDisassembleSyntaxOption(handle, DisassembleSyntaxOptionValue.Intel);
}
/// <summary>
/// Enable Default Disassemble Syntax Option.
/// </summary>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the disassemble syntax option could not be set.
/// </exception>
public static void EnableDefaultDisassembleSyntaxOption(SafeCapstoneHandle handle)
{
NativeCapstone.SetDisassembleSyntaxOption(handle, DisassembleSyntaxOptionValue.Default);
}
/// <summary>
/// Enable Disassemble Details Option.
/// </summary>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the disassemble details option could not be enabled.
/// </exception>
public static void EnableDisassembleDetails(SafeCapstoneHandle handle)
{
NativeCapstone.SetDisassembleDetails(handle, true);
}
/// <summary>
/// Disassemble All Binary Code.
/// </summary>
/// <remarks>
/// Convenient method to disassemble binary code with the assumption that the address of the first
/// instruction in the collection of bytes to disassemble is 0x1000. Equivalent to calling
/// <c>NativeCapstone.DisassembleAll(handle, code, 0x1000)</c>.
/// </remarks>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <param name="code">
/// A collection of bytes representing the binary code to disassemble. Should not be a null reference.
/// </param>
/// <returns>
/// A native instruction handle.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the binary code could not be disassembled.
/// </exception>
public static SafeNativeInstructionHandle DisassembleAll(SafeCapstoneHandle handle, byte[] code)
{
var instructions = NativeCapstone.DisassembleAll(handle, code, 0x1000);
return(instructions);
}
/// <summary>
/// Disassemble Binary Code.
/// </summary>
/// <remarks>
/// Convenient method to disassemble binary code with the assumption that the address of the first
/// instruction in the collection of bytes to disassemble is 0x1000. Equivalent to calling
/// <c>NativeCapstone.Disassemble(handle, code, 0x1000, count)</c>.
/// </remarks>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <param name="code">
/// A collection of bytes representing the binary code to disassemble. Should not be a null reference.
/// </param>
/// <param name="count">
/// The number of instructions to disassemble. A 0 indicates all instructions should be disassembled.
/// </param>
/// <returns>
/// A native instruction handle.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the binary code could not be disassembled.
/// </exception>
// public static SafeNativeInstructionHandle Disassemble(SafeCapstoneHandle handle, byte[] code, int count) {
// var instructionHandle = NativeCapstone.Disassemble(handle, code, 0x1000, count);
// return instructionHandle;
// }
/// <summary>
/// Disassemble All Binary Code.
/// </summary>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <param name="code">
/// A collection of bytes representing the binary code to disassemble. Should not be a null reference.
/// </param>
/// <param name="startingAddress">
/// The address of the first instruction in the collection of bytes to disassemble.
/// </param>
/// <returns>
/// A native instruction handle.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the binary code could not be disassembled.
/// </exception>
public static SafeNativeInstructionHandle DisassembleAll(SafeCapstoneHandle handle, byte[] code, ulong startingAddress)
{
var instructionHandle = NativeCapstone.Disassemble(handle, code, 0, startingAddress);
return(instructionHandle);
}
/// <summary>
/// Create a Native Capstone.
/// </summary>
static NativeCapstone()
{
NativeCapstone.LoadLibrary();
}
/// <summary>
/// Build an Instruction Detail.
/// </summary>
/// <param name="disassembler">
/// A disassembler.
/// </param>
/// <param name="hInstruction">
/// An instruction handle.
/// </param>
internal virtual void Build(CapstoneDisassembler disassembler, NativeInstructionHandle hInstruction)
{
// ...
//
// Throws an exception if the operation fails.
var nativeInstructionDetail = NativeCapstone.GetInstructionDetail(hInstruction).GetValueOrDefault();
this.DisassembleArchitecture = disassembler.DisassembleArchitecture;
this.DisassembleMode = this.CreateDisassembleMode(disassembler.NativeDisassembleMode);
// ...
//
// ...
SetAccessedRegisters(this, disassembler, hInstruction);
SetGroups(this, disassembler, ref nativeInstructionDetail);
SetImplicitlyReadRegisters(this, disassembler, ref nativeInstructionDetail);
SetImplicitlyWrittenRegisters(this, disassembler, ref nativeInstructionDetail);
// <summary>
// Set Accessed Registers.
// </summary>
void SetAccessedRegisters(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, NativeInstructionHandle cHInstruction)
{
@this.AllReadRegisters = new TRegister[0];
@this.AllWrittenRegisters = new TRegister[0];
if (!CapstoneDisassembler.IsDietModeEnabled)
{
var isArchSupported = cDisassembler.DisassembleArchitecture != DisassembleArchitecture.M68K;
isArchSupported = isArchSupported && cDisassembler.DisassembleArchitecture != DisassembleArchitecture.Mips;
isArchSupported = isArchSupported && cDisassembler.DisassembleArchitecture != DisassembleArchitecture.PowerPc;
isArchSupported = isArchSupported && cDisassembler.DisassembleArchitecture != DisassembleArchitecture.XCore;
if (isArchSupported)
{
// ...
//
// Throws an exception if the operation fails.
var cAccessedRegisters = NativeCapstone.GetAccessedRegisters(cDisassembler.Handle, cHInstruction);
@this.AllReadRegisters = new TRegister[cAccessedRegisters.Item1.Length];
for (var cI = 0; cI < @this.AllReadRegisters.Length; cI++)
{
var cExplicitlyReadRegister = cAccessedRegisters.Item1[cI];
@this.AllReadRegisters[cI] = @this.CreateRegister(cDisassembler, cExplicitlyReadRegister);
}
@this.AllWrittenRegisters = new TRegister[cAccessedRegisters.Item2.Length];
for (var cI = 0; cI < @this.AllWrittenRegisters.Length; cI++)
{
var cExplicitlyWrittenRegister = cAccessedRegisters.Item2[cI];
@this.AllWrittenRegisters[cI] = @this.CreateRegister(cDisassembler, cExplicitlyWrittenRegister);
}
}
}
}
// <summary>
// Set Instruction's Groups.
// </summary>
void SetGroups(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, ref NativeInstructionDetail cNativeInstructionDetail)
{
@this.Groups = new TGroup[cNativeInstructionDetail.GroupCount];
if (!CapstoneDisassembler.IsDietModeEnabled)
{
for (var cI = 0; cI < @this.Groups.Length; cI++)
{
var cGroup = cNativeInstructionDetail.Groups[cI];
@this.Groups[cI] = @this.CreateInstructionGroup(cDisassembler, cGroup);
}
}
}
// <summary>
// Set Implicitly Read Registers.
// </summary>
void SetImplicitlyReadRegisters(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, ref NativeInstructionDetail cNativeInstructionDetail)
{
@this.ImplicitlyReadRegisters = new TRegister[cNativeInstructionDetail.ImplicitlyReadRegisterCount];
if (!CapstoneDisassembler.IsDietModeEnabled)
{
for (var cI = 0; cI < @this.ImplicitlyReadRegisters.Length; cI++)
{
var cImplicitlyReadRegister = cNativeInstructionDetail.ImplicitlyReadRegisters[cI];
@this.ImplicitlyReadRegisters[cI] = @this.CreateRegister(cDisassembler, cImplicitlyReadRegister);
}
}
}
// <summary>
// Set Implicitly Written Registers.
// </summary>
void SetImplicitlyWrittenRegisters(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, ref NativeInstructionDetail cNativeInstructionDetail)
{
@this.ImplicitlyWrittenRegisters = new TRegister[cNativeInstructionDetail.ImplicitlyWrittenRegisterCount];
if (!CapstoneDisassembler.IsDietModeEnabled)
{
for (var cI = 0; cI < @this.ImplicitlyWrittenRegisters.Length; cI++)
{
var cImplicitlyWrittenRegister = cNativeInstructionDetail.ImplicitlyWrittenRegisters[cI];
@this.ImplicitlyWrittenRegisters[cI] = @this.CreateRegister(cDisassembler, cImplicitlyWrittenRegister);
}
}
}
}
/// <summary>
/// Disassemble Binary Code.
/// </summary>
/// <remarks>
/// Convenient method to disassemble binary code with the assumption that the address of the first
/// instruction in the collection of bytes to disassemble is 0x1000. Equivalent to calling
/// <c>NativeCapstone.Disassemble(handle, code, 0x1000, count)</c>.
/// </remarks>
/// <param name="handle">
/// A Capstone handle. Should not be a null reference.
/// </param>
/// <param name="code">
/// A collection of bytes representing the binary code to disassemble. Should not be a null reference.
/// </param>
/// <param name="count">
/// The number of instructions to disassemble. A 0 indicates all instructions should be disassembled.
/// </param>
/// <returns>
/// A native instruction handle.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown if the binary code could not be disassembled.
/// </exception>
public static SafeNativeInstructionHandle Disassemble(SafeCapstoneHandle handle, byte[] code, int count)
{
var instructionHandle = NativeCapstone.Disassemble(handle, code, 0x1000, count);
return(instructionHandle);
}
