public IntPtr GetNativeFunctionPointer() { if (HasStableEntryPoint() == false) { return(IntPtr.Zero); } IntPtr ptrEntry = GetFunctionPointer(); if (ptrEntry == IntPtr.Zero) { return(IntPtr.Zero); } SharpDisasm.ArchitectureMode mode = (IntPtr.Size == 8) ? SharpDisasm.ArchitectureMode.x86_64 : SharpDisasm.ArchitectureMode.x86_32; SharpDisasm.Disassembler.Translator.IncludeAddress = false; SharpDisasm.Disassembler.Translator.IncludeBinary = false; { byte[] buf = ptrEntry.ReadBytes(NativeMethods.MaxLengthOpCode); var disasm = new SharpDisasm.Disassembler(buf, mode, (ulong)ptrEntry.ToInt64()); Instruction inst = disasm.Disassemble().First(); if (inst.Mnemonic == SharpDisasm.Udis86.ud_mnemonic_code.UD_Ijmp) { // Visual Studio + F5 Debug = Always point to "Fixup Precode" long address = (long)inst.PC + inst.Operands[0].Value; return(new IntPtr(address)); } else { return(ptrEntry); } } }
private SharpDisasm.Disassembler createDisassembler(byte[] code) { SharpDisasm.ArchitectureMode mode = SharpDisasm.ArchitectureMode.x86_32; // Configure the translator to output instruction addresses and instruction binary as hex SharpDisasm.Disassembler.Translator.IncludeAddress = true; SharpDisasm.Disassembler.Translator.IncludeBinary = true; // Create the disassembler return(new SharpDisasm.Disassembler( code, mode, 0, true, instructionFactory: new AssemblyInstructionForTransformationFactory())); }
private static void OutputAssembly(byte[] codeBuffer, PeFile peFile) { fileCounter++; SharpDisasm.ArchitectureMode mode = SharpDisasm.ArchitectureMode.x86_32; // Configure the translator to output instruction addresses and instruction binary as hex SharpDisasm.Disassembler.Translator.IncludeAddress = true; SharpDisasm.Disassembler.Translator.IncludeBinary = true; // Create the disassembler var disasm = new SharpDisasm.Disassembler( codeBuffer, mode, 0, true); using (System.IO.StreamWriter file = new System.IO.StreamWriter("AssemblerOutput" + fileCounter.ToString() + ".txt")) { SharpDisasm.Instruction instruction = null; var instructionEnum = disasm.Disassemble().GetEnumerator(); foreach (var relocationDirectory in peFile.ImageRelocationDirectory) { foreach (var relocationOffset in relocationDirectory.TypeOffsets) { // Disassemble each instruction and output to console while (instructionEnum.MoveNext() && (instruction = instructionEnum.Current) != null && !IsOffsetInInstruction(instruction, relocationOffset)) { file.WriteLine(instruction.ToString()); } if (instruction != null) { file.WriteLine(instruction.ToString() + " Relocation Address: " + relocationOffset.Offset.ToString("X")); } } } } }