/// <summary>
/// Tests the BeaEngineCS.Disasm() function.
/// </summary>
/// <returns>Returns true if the test passed.</returns>
private static bool DisasmTest()
{
int dataSize = 0x100;
IntPtr data = Marshal.AllocHGlobal(dataSize);
for (int i = 0; i < dataSize; ++i)
{
Marshal.WriteByte(IntPtr.Add(data, i), 0);
}
BeaEngine._Disasm inst = new BeaEngine._Disasm();
inst.InstructionPointer = (UIntPtr)data.ToInt64();
int len = BeaEngine.Disassemble(ref inst);
if (len == BeaEngine.UnknownOpcode)
{
Console.Error.WriteLine("Unknown opcode.");
return(false);
}
else if (len == BeaEngine.OutOfBlock)
{
Console.Error.WriteLine("Out of block.");
return(false);
}
else
{
return(inst.CompleteInstr.Equals("add byte ptr [eax], al"));
}
}
/// <summary>
/// Initializes a new instance of the Instruction class, using a BeaEngine instruction.
/// </summary>
/// <param name="inst">the BeaEngine instruction</param>
internal Instruction(BeaEngine._Disasm inst)
{
this.Address = (IntPtr)inst.VirtualAddr;
this.Mnemonic = inst.Instruction.Mnemonic;
this.stringRepresentation = inst.CompleteInstr;
this.BranchTarget = (IntPtr)inst.Instruction.AddrValue;
this.FlowType = Instruction.GetFlowControl(this.Mnemonic);
this.NumBytes = (uint)inst.Length;
this.Arg1 = new InstructionArgument(inst.Argument1);
this.Arg2 = new InstructionArgument(inst.Argument2);
this.Arg3 = new InstructionArgument(inst.Argument3);
}
private static void doStuff(ref byte[] bytes)
{
uint[] rva = masker.GetRVA(ref bytes);
if (rva.Length < 3)
{
return;
}
int[] locs = masker.GetAddressMaskLocs(ref bytes, rva);
UnmanagedBuffer buffer = new UnmanagedBuffer(ref bytes);
BeaEngine._Disasm disasm = new BeaEngine._Disasm();
ulong begin = (ulong)buffer.Ptr.ToInt64();
disasm.InstructionPointer = (UIntPtr)(begin + rva[0]);
disasm.Options |= BeaEngine.SpecialInfo.NasmSyntax;
ulong loc;
int result;
string bytesStr;
for (int counter = 0; counter < 100; counter++) // First 100 lines of disassembly code.
{
result = BeaEngine.Disassemble(ref disasm);
if (result == BeaEngine.UnknownOpcode || result == BeaEngine.OutOfBlock)
{
break;
}
loc = disasm.InstructionPointer.ToUInt64() - begin;
bytesStr = "";
for (int i = 0; i < result; i++)
{
bytesStr += (Array.IndexOf <int>(locs, (int)loc + i) < 0) ? bytes[loc + (ulong)i].ToString("X2") + " " : "?? ";
}
Console.WriteLine(string.Format("0x{0,-6:X} {1,-30} {2}", loc, bytesStr.Trim(), disasm.CompleteInstr));
disasm.InstructionPointer = (UIntPtr)(disasm.InstructionPointer.ToUInt64() + (ulong)result);
}
}
