public void Disassemble_The_Correct_Number_Of_Instructions()
{
// arrange
var builder = new DebugEngineProxyBuilder();
builder.With32Bit(false);
builder.WithExecuteResult("u rip L2", @"KERNEL32!GetTimeFormatWWorker+0xc43:
00007ffa`51315543 6645898632010000 mov word ptr [r14+132h],r8w
00007ffa`5131554b 498d8630010000 lea rax,[r14+130h]
");
var facade = new DisassemblyFacade {
DebugEngineProxy = builder.Build()
};
var expected = new[]
{
new DisassemblyLine(0x00007ffa51315543, ByteArrayBuilder.StringToByteArray("6645898632010000"), "mov",
"word ptr [r14+132h],r8w"),
new DisassemblyLine(0x00007ffa5131554b, ByteArrayBuilder.StringToByteArray("498d8630010000"), "lea",
"rax,[r14+130h]")
};
// act
var lines = facade.GetDisassemblyLines(2);
// assert
lines.Should().Equal(expected);
}
/// <summary>
/// Gets the disassembly lines.
/// </summary>
/// <param name="threadId">The thread identifier.</param>
/// <param name="numInstructions">The number instructions.</param>
/// <returns>IEnumerable<DisassemblyLine></returns>
/// <exception cref="ArgumentOutOfRangeException">Number of instructions must be > 0</exception>
public IEnumerable <DisassemblyLine> GetDisassemblyLines(int threadId, int numInstructions)
{
if (numInstructions <= 0)
{
throw new ArgumentOutOfRangeException(nameof(numInstructions), "Number of instructions must be > 0");
}
var ipRegister = DebugEngineProxy.Is32Bit ? "eip" : "rip";
var instructionText = DebugEngineProxy.Execute(threadId, $"u {ipRegister} L{numInstructions:X}");
var matches = Regex.Matches(instructionText,
@"(?<ip>[a-fA-F0-9`]+)\s+(?<opcode>[a-fA-F0-9]+)\s+(?<ins>\w+)\s+(?<extra>.+)?");
var list = new List <DisassemblyLine>();
foreach (var match in matches.Cast <Match>())
{
var ip = match.Groups["ip"].Success
? Convert.ToUInt64(match.Groups["ip"].Value.Replace("`", ""), 16)
: 0;
byte[] opcode = null;
if (match.Groups["opcode"].Success)
{
opcode = ByteArrayBuilder.StringToByteArray(match.Groups["opcode"].Value);
}
var instruction = match.Groups["ins"].Success ? match.Groups["ins"].Value : "";
var note = match.Groups["extra"].Success ? match.Groups["extra"].Value : "";
var newLine = new DisassemblyLine(ip, opcode, instruction, note);
list.Add(newLine);
}
return(list);
}
public void Get_The_Current_Frame_Correctly()
{
// arrange
var engBuilder = new DebugEngineProxyBuilder();
engBuilder.WithExecuteResult("!positions", @">Thread ID=0x7590 - Position: 168CC:0
Thread ID=0x12A0 - Position: 211F5:0
Thread ID=0x6CDC - Position: 21D59:0
Thread ID=0x2984 - Position: 21DFE:0
Thread ID=0x3484 - Position: 21ECA:0
Thread ID=0x60B4 - Position: 2414F:0
Thread ID=0x1F54 - Position: 241DE:0
");
engBuilder.With32Bit(false);
engBuilder.WithThreadId(0x7590);
var stackBuilder = new StackFacadeBuilder();
var stackTrace = new StackTrace(new List <StackFrame>());
stackBuilder.WithGetCurrentStackTrace(stackTrace);
var registerSet = new RegisterSet();
var registerBuilder = new RegisterFacadeBuilder();
registerBuilder.WithGetCurrentRegisterSet(Register.All, registerSet);
var disassemblyLine = new DisassemblyLine(0x00007ffa51315595, ByteArrayBuilder.StringToByteArray("4d3bd1"),
"cmp", "r10,r9");
var disBuilder = new DisassemblyFacadeBuilder();
disBuilder.WithGetDisassemblyLines(1, new[] { disassemblyLine });
var facade = new TimeTravelFacade
{
DebugEngineProxy = engBuilder.Build(),
StackFacade = stackBuilder.Build(),
RegisterFacade = registerBuilder.Build(),
DisassemblyFacade = disBuilder.Build()
};
// act
var frame = facade.GetCurrentFrame();
// assert
frame.Position.Should().Be(new Position(0x168CC, 0));
frame.DisassemblyLine.Should().Be(disassemblyLine);
frame.RegisterSet.Should().Be(registerSet);
frame.StackTrace.Should().Be(stackTrace);
frame.ThreadId.Should().Be(0x7590);
}
/// <summary>
/// Convert a frame entity to a frame domain object.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="context">The context.</param>
/// <returns>The corresponding domain object for the provided entity</returns>
/// <inheritdoc />
public Frame ToDomain(FrameEntity entity, IMcFlyContext context)
{
var frame = new Frame();
frame.Position = new Position(entity.PosHi, entity.PosLo);
frame.ThreadId = entity.ThreadId;
frame.DisassemblyLine = ExtractDisassemblyLine(entity);
frame.StackTrace = ExtractStackTrace(entity);
frame.RegisterSet = new RegisterSet();
frame.RegisterSet.Brfrom = entity.Brfrom?.ToULong();
frame.RegisterSet.Brto = entity.Brto?.ToULong();
frame.RegisterSet.Cs = entity.Cs?.ToUShort();
frame.RegisterSet.Dr0 = entity.Dr0?.ToULong();
frame.RegisterSet.Dr1 = entity.Dr1?.ToULong();
frame.RegisterSet.Dr2 = entity.Dr2?.ToULong();
frame.RegisterSet.Dr3 = entity.Dr3?.ToULong();
frame.RegisterSet.Dr6 = entity.Dr6?.ToULong();
frame.RegisterSet.Dr7 = entity.Dr7?.ToULong();
frame.RegisterSet.Ds = entity.Ds?.ToUShort();
frame.RegisterSet.Efl = entity.Efl?.ToUInt();
frame.RegisterSet.Es = entity.Es?.ToUShort();
frame.RegisterSet.Exfrom = entity.Exfrom?.ToULong();
frame.RegisterSet.Exto = entity.Exto?.ToULong();
frame.RegisterSet.Fpcw = entity.Fpcw?.ToUShort();
frame.RegisterSet.Fpsw = entity.Fpsw?.ToUShort();
frame.RegisterSet.Fptw = entity.Fptw?.ToUShort();
frame.RegisterSet.Fopcode = entity.Fopcode?.ToUShort();
frame.RegisterSet.Fpip = entity.Fpip?.ToUInt();
frame.RegisterSet.Fpipsel = entity.Fpipsel?.ToUInt();
frame.RegisterSet.Fpdp = entity.Fpdp?.ToUInt();
frame.RegisterSet.Fpdpsel = entity.Fpdpsel?.ToUInt();
frame.RegisterSet.Fs = entity.Fs?.ToUShort();
frame.RegisterSet.Gs = entity.Gs?.ToUShort();
frame.RegisterSet.Mm0 = entity.Mm0?.ToULong();
frame.RegisterSet.Mm1 = entity.Mm1?.ToULong();
frame.RegisterSet.Mm2 = entity.Mm2?.ToULong();
frame.RegisterSet.Mm3 = entity.Mm3?.ToULong();
frame.RegisterSet.Mm4 = entity.Mm4?.ToULong();
frame.RegisterSet.Mm5 = entity.Mm5?.ToULong();
frame.RegisterSet.Mm6 = entity.Mm6?.ToULong();
frame.RegisterSet.Mm7 = entity.Mm7?.ToULong();
frame.RegisterSet.Mxcsr = entity.Mxcsr?.ToUInt();
frame.RegisterSet.St0 = ByteArrayBuilder.StringToByteArray(entity.St0, true);
frame.RegisterSet.St1 = ByteArrayBuilder.StringToByteArray(entity.St1, true);
frame.RegisterSet.St2 = ByteArrayBuilder.StringToByteArray(entity.St2, true);
frame.RegisterSet.St3 = ByteArrayBuilder.StringToByteArray(entity.St3, true);
frame.RegisterSet.St4 = ByteArrayBuilder.StringToByteArray(entity.St4, true);
frame.RegisterSet.St5 = ByteArrayBuilder.StringToByteArray(entity.St5, true);
frame.RegisterSet.St6 = ByteArrayBuilder.StringToByteArray(entity.St6, true);
frame.RegisterSet.St7 = ByteArrayBuilder.StringToByteArray(entity.St7, true);
frame.RegisterSet.R10 = entity.R10?.ToULong();
frame.RegisterSet.R11 = entity.R11?.ToULong();
frame.RegisterSet.R12 = entity.R12?.ToULong();
frame.RegisterSet.R13 = entity.R13?.ToULong();
frame.RegisterSet.R14 = entity.R14?.ToULong();
frame.RegisterSet.R15 = entity.R15?.ToULong();
frame.RegisterSet.R8 = entity.R8?.ToULong();
frame.RegisterSet.R9 = entity.R9?.ToULong();
frame.RegisterSet.Rax = entity.Rax?.ToULong();
frame.RegisterSet.Rbp = entity.Rbp?.ToULong();
frame.RegisterSet.Rbx = entity.Rbx?.ToULong();
frame.RegisterSet.Rcx = entity.Rcx?.ToULong();
frame.RegisterSet.Rdi = entity.Rdi?.ToULong();
frame.RegisterSet.Rdx = entity.Rdx?.ToULong();
frame.RegisterSet.Rip = entity.Rip?.ToULong();
frame.RegisterSet.Rsi = entity.Rsi?.ToULong();
frame.RegisterSet.Rsp = entity.Rsp?.ToULong();
frame.RegisterSet.Ss = entity.Ss?.ToUShort();
frame.RegisterSet.Ymm0 = ByteArrayBuilder.StringToByteArray(entity.Ymm0, true);
frame.RegisterSet.Ymm1 = ByteArrayBuilder.StringToByteArray(entity.Ymm1, true);
frame.RegisterSet.Ymm2 = ByteArrayBuilder.StringToByteArray(entity.Ymm2, true);
frame.RegisterSet.Ymm3 = ByteArrayBuilder.StringToByteArray(entity.Ymm3, true);
frame.RegisterSet.Ymm4 = ByteArrayBuilder.StringToByteArray(entity.Ymm4, true);
frame.RegisterSet.Ymm5 = ByteArrayBuilder.StringToByteArray(entity.Ymm5, true);
frame.RegisterSet.Ymm6 = ByteArrayBuilder.StringToByteArray(entity.Ymm6, true);
frame.RegisterSet.Ymm7 = ByteArrayBuilder.StringToByteArray(entity.Ymm7, true);
frame.RegisterSet.Ymm8 = ByteArrayBuilder.StringToByteArray(entity.Ymm8, true);
frame.RegisterSet.Ymm9 = ByteArrayBuilder.StringToByteArray(entity.Ymm9, true);
frame.RegisterSet.Ymm10 = ByteArrayBuilder.StringToByteArray(entity.Ymm10, true);
frame.RegisterSet.Ymm11 = ByteArrayBuilder.StringToByteArray(entity.Ymm11, true);
frame.RegisterSet.Ymm12 = ByteArrayBuilder.StringToByteArray(entity.Ymm12, true);
frame.RegisterSet.Ymm13 = ByteArrayBuilder.StringToByteArray(entity.Ymm13, true);
frame.RegisterSet.Ymm14 = ByteArrayBuilder.StringToByteArray(entity.Ymm14, true);
frame.RegisterSet.Ymm15 = ByteArrayBuilder.StringToByteArray(entity.Ymm15, true);
return(frame);
}
/// <summary>
/// Extracts the disassembly line.
/// </summary>
/// <param name="entity">The entity.</param>
/// <returns>DisassemblyLine.</returns>
internal DisassemblyLine ExtractDisassemblyLine(FrameEntity entity)
{
return(new DisassemblyLine(entity.Rip?.ToULong(),
ByteArrayBuilder.StringToByteArray(entity.OpCode), entity.OpCodeMnemonic,
entity.DisassemblyNote));
}