public static unsafe DecomposedResult Decompose(CodeInfo nci, int maxInstructions) { CodeInfoStruct *ci = null; DecomposedInstructionStruct *insts = null; var gch = new GCHandle(); var usedInstructionsCount = 0; try { if ((ci = AcquireCodeInfoStruct(nci, out gch)) == null) { throw new OutOfMemoryException(); } var dr = new DecomposedResult(maxInstructions); distorm_decompose64(ci, dr.InstructionsPointer, maxInstructions, &usedInstructionsCount); dr.UsedInstructions = usedInstructionsCount; return(dr); } finally { if (gch.IsAllocated) { gch.Free(); } if (ci != null) { Free(ci); } } }
private static unsafe void Main(string[] args) { var buf = new byte[4]; buf[0] = (byte) 0xc3; buf[1] = (byte) 0x33; buf[2] = (byte) 0xc0; buf[3] = (byte) 0xc3; var ci = new CodeInfo((long) 0x1000, buf, DecodeType.Decode32Bits, 0); var dr = new DecodedResult(10); diStorm3.Decode(ci, dr); foreach (var x in dr.Instructions) { var s = String.Format("{0:X} {1} {2}", x.Offset, x.Mnemonic, x.Operands); Console.WriteLine(s); } var dr2 = new DecomposedResult(10); diStorm3.Decompose(ci, dr2); foreach (var y in dr2.Instructions) { if (y.Opcode != Opcode.RET) { var x = diStorm3.Format(ci, y); var s = String.Format("{0:X} {1} {2}", x.Offset, x.Mnemonic, x.Operands); Console.WriteLine(s); } } }
public static unsafe void Decompose(CodeInfo nci, DecomposedResult ndr) { _CodeInfo *ci = null; _DInst * insts = null; var gch = new GCHandle(); var usedInstructionsCount = 0; try { if ((ci = AcquireCodeInfoStruct(nci, out gch)) == null) { throw new OutOfMemoryException(); } var maxInstructions = ndr.MaxInstructions; if ((insts = (_DInst *)Malloc(maxInstructions * sizeof(_DInst))) == null) { throw new OutOfMemoryException(); } distorm_decompose64(ci, insts, maxInstructions, &usedInstructionsCount); var dinsts = new DecomposedInst[usedInstructionsCount]; for (var i = 0; i < usedInstructionsCount; i++) { var di = new DecomposedInst { Address = insts[i].addr, Flags = insts[i].flags, Size = insts[i].size, _segment = insts[i].segment, Base = insts[i].ibase, Scale = insts[i].scale, Opcode = (Opcode)insts[i].opcode, UnusedPrefixesMask = insts[i].unusedPrefixesMask, Meta = insts[i].meta, RegistersMask = insts[i].usedRegistersMask, ModifiedFlagsMask = insts[i].modifiedFlagsMask, TestedFlagsMask = insts[i].testedFlagsMask, UndefinedFlagsMask = insts[i].undefinedFlagsMask }; /* Simple fields: */ /* Immediate variant. */ var immVariant = new DecomposedInst.ImmVariant { Imm = insts[i].imm.qword, Size = 0 }; /* The size of the immediate is in one of the operands, if at all. Look for it below. Zero by default. */ /* Count operands. */ var operandsNo = 0; for (operandsNo = 0; operandsNo < _DInst.OPERANDS_NO; operandsNo++) { if (insts[i].ops[operandsNo].type == OperandType.None) { break; } } var ops = new Operand[operandsNo]; for (var j = 0; j < operandsNo; j++) { if (insts[i].ops[j].type == OperandType.Imm) { /* Set the size of the immediate operand. */ immVariant.Size = insts[i].ops[j].size; } var op = new Operand { Type = insts[i].ops[j].type, Index = insts[i].ops[j].index, Size = insts[i].ops[j].size }; ops[j] = op; } di.Operands = ops; /* Attach the immediate variant. */ di.Imm = immVariant; /* Displacement variant. */ var disp = new DecomposedInst.DispVariant { Displacement = insts[i].disp, Size = insts[i].dispSize }; di.Disp = disp; dinsts[i] = di; } ndr.Instructions = dinsts; } finally { if (gch.IsAllocated) { gch.Free(); } if (ci != null) { Free(ci); } if (insts != null) { Free(insts); } } }
public static unsafe DecomposedResult Decompose(CodeInfo nci, int maxInstructions) { CodeInfoStruct* ci = null; DecomposedInstructionStruct* insts = null; var gch = new GCHandle(); var usedInstructionsCount = 0; try { if ((ci = AcquireCodeInfoStruct(nci, out gch)) == null) throw new OutOfMemoryException(); var dr = new DecomposedResult(maxInstructions); distorm_decompose64(ci, dr.InstructionsPointer, maxInstructions, &usedInstructionsCount); dr.UsedInstructions = usedInstructionsCount; return dr; } finally { if (gch.IsAllocated) gch.Free(); if (ci != null) Free(ci); } }
public static unsafe void Decompose(CodeInfo nci, DecomposedResult ndr) { _CodeInfo* ci = null; _DInst* insts = null; var gch = new GCHandle(); var usedInstructionsCount = 0; try { if ((ci = AcquireCodeInfoStruct(nci, out gch)) == null) throw new OutOfMemoryException(); var maxInstructions = ndr.MaxInstructions; if ((insts = (_DInst*) Malloc(maxInstructions*sizeof (_DInst))) == null) throw new OutOfMemoryException(); distorm_decompose64(ci, insts, maxInstructions, &usedInstructionsCount); var dinsts = new DecomposedInst[usedInstructionsCount]; for (var i = 0; i < usedInstructionsCount; i++) { var di = new DecomposedInst { Address = insts[i].addr, Flags = insts[i].flags, Size = insts[i].size, _segment = insts[i].segment, Base = insts[i].ibase, Scale = insts[i].scale, Opcode = (Opcode) insts[i].opcode, UnusedPrefixesMask = insts[i].unusedPrefixesMask, Meta = insts[i].meta, RegistersMask = insts[i].usedRegistersMask, ModifiedFlagsMask = insts[i].modifiedFlagsMask, TestedFlagsMask = insts[i].testedFlagsMask, UndefinedFlagsMask = insts[i].undefinedFlagsMask }; /* Simple fields: */ /* Immediate variant. */ var immVariant = new DecomposedInst.ImmVariant { Imm = insts[i].imm.qword, Size = 0 }; /* The size of the immediate is in one of the operands, if at all. Look for it below. Zero by default. */ /* Count operands. */ var operandsNo = 0; for (operandsNo = 0; operandsNo < _DInst.OPERANDS_NO; operandsNo++) { if (insts[i].ops[operandsNo].type == OperandType.None) break; } var ops = new Operand[operandsNo]; for (var j = 0; j < operandsNo; j++) { if (insts[i].ops[j].type == OperandType.Imm) { /* Set the size of the immediate operand. */ immVariant.Size = insts[i].ops[j].size; } var op = new Operand { Type = insts[i].ops[j].type, Index = insts[i].ops[j].index, Size = insts[i].ops[j].size }; ops[j] = op; } di.Operands = ops; /* Attach the immediate variant. */ di.Imm = immVariant; /* Displacement variant. */ var disp = new DecomposedInst.DispVariant { Displacement = insts[i].disp, Size = insts[i].dispSize }; di.Disp = disp; dinsts[i] = di; } ndr.Instructions = dinsts; } finally { if (gch.IsAllocated) gch.Free(); if (ci != null) Free(ci); if (insts != null) Free(insts); } }