예제 #1
0
        void Jmp_other_long()
        {
            var originalData = new byte[] {
                /*0000*/ 0xB0, 0x00,                   // mov al,0
                /*0002*/ 0xEB, 0x09,                   // jmp short 123456789ABCDE0Dh
                /*0004*/ 0xB0, 0x01,                   // mov al,1
                /*0006*/ 0xE9, 0x03, 0x00, 0x00, 0x00, // jmp near ptr 123456789ABCDE0Eh
                /*000B*/ 0xB0, 0x02,                   // mov al,2
            };
            var newData = new byte[] {
                /*0000*/ 0xB0, 0x00,                         // mov al,0
                /*0002*/ 0xFF, 0x25, 0x10, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000018h]
                /*0008*/ 0xB0, 0x01,                         // mov al,1
                /*000A*/ 0xFF, 0x25, 0x10, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000020h]
                /*0010*/ 0xB0, 0x02,                         // mov al,2
                /*0012*/ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
                /*0018*/ 0x0D, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0020*/ 0x0E, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
            };
            var expectedInstructionOffsets = new uint[] {
                0x0000,
                uint.MaxValue,
                0x0008,
                uint.MaxValue,
                0x0010,
            };
            var expectedRelocInfos = new RelocInfo[] {
                new RelocInfo(RelocKind.Offset64, 0x8000000000000018),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000020),
            };
            const BlockEncoderOptions options = BlockEncoderOptions.None;
            const ulong origRip = 0x123456789ABCDE00;

            EncodeBase(bitness, origRip, originalData, newRip, newData, options, decoderOptions, expectedInstructionOffsets, expectedRelocInfos);
        }
예제 #2
0
        void Call_near_other_long()
        {
            var originalData = new byte[] {
                /*0000*/ 0xE8, 0x07, 0x00, 0x00, 0x00, // call 123456789ABCDE0Ch
                /*0005*/ 0xB0, 0x00,                   // mov al,0
                /*0007*/ 0xB8, 0x78, 0x56, 0x34, 0x12, // mov eax,12345678h
            };
            var newData = new byte[] {
                /*0000*/ 0xFF, 0x15, 0x0A, 0x00, 0x00, 0x00, // call qword ptr [8000000000000010h]
                /*0006*/ 0xB0, 0x00,                         // mov al,0
                /*0008*/ 0xB8, 0x78, 0x56, 0x34, 0x12,       // mov eax,12345678h
                /*000D*/ 0xCC, 0xCC, 0xCC,
                /*0010*/ 0x0C, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
            };
            var expectedInstructionOffsets = new uint[] {
                uint.MaxValue,
                0x0006,
                0x0008,
            };
            var expectedRelocInfos = new RelocInfo[] {
                new RelocInfo(RelocKind.Offset64, 0x8000000000000010),
            };
            const BlockEncoderOptions options = BlockEncoderOptions.None;
            const ulong origRip = 0x123456789ABCDE00;

            EncodeBase(bitness, origRip, originalData, newRip, newData, options, decoderOptions, expectedInstructionOffsets, expectedRelocInfos);
        }
예제 #3
0
        void Jkcc_near_other_long()
        {
            var originalData = new byte[] {
                /*0000*/ 0xC5, 0xD0, 0x84, 0x0C, 0x00, 0x00, 0x00, // jkzd k5, near ptr 13h
                /*0007*/ 0xB0, 0x00,                               // mov al,0
                /*0009*/ 0xC5, 0xD0, 0x85, 0x04, 0x00, 0x00, 0x00, // jknzd k5, near ptr 14h
                /*0010*/ 0xB0, 0x01,                               // mov al,1
                /*0012*/ 0x90,                                     // nop
            };
            var newData = new byte[] {
                /*0000*/ 0xC4, 0xE0, 0x50, 0x75, 0x06,       // jknzd k5, short 0Bh
                /*0005*/ 0xFF, 0x25, 0x15, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000020h]
                /*000B*/ 0xB0, 0x00,                         // mov al,0
                /*000D*/ 0xC4, 0xE0, 0x50, 0x74, 0x06,       // jkzd k5, short 18h
                /*0012*/ 0xFF, 0x25, 0x10, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000028h]
                /*0018*/ 0xB0, 0x01,                         // mov al,1
                /*001A*/ 0x90,                               // nop
                /*001B*/ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
                /*0020*/ 0x13, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0028*/ 0x14, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
            };
            var expectedInstructionOffsets = new uint[] {
                uint.MaxValue,
                0x000B,
                uint.MaxValue,
                0x0018,
                0x001A,
            };
            var expectedRelocInfos = new RelocInfo[] {
                new RelocInfo(RelocKind.Offset64, 0x8000000000000020),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000028),
            };
            const BlockEncoderOptions options = BlockEncoderOptions.None;
            const ulong origRip = 0x123456789ABCDE00;

            EncodeBase(bitness, origRip, originalData, newRip, newData, options, decoderOptions, expectedInstructionOffsets, expectedRelocInfos);
        }
예제 #4
0
파일: Block.cs 프로젝트: yang123vc/iced 
 public void AddRelocInfo(RelocInfo relocInfo) => relocInfos?.Add(relocInfo);
예제 #5
0
 /// <summary>
 /// Initializes a new instance of the <see cref="CompiledFunction"/> struct with the specified machine code,
 /// unwind info and relocation info.
 /// </summary>
 /// <param name="code">Machine code</param>
 /// <param name="unwindInfo">Unwind info</param>
 /// <param name="relocInfo">Relocation info</param>
 internal CompiledFunction(byte[] code, UnwindInfo unwindInfo, RelocInfo relocInfo)
 {
     Code       = code;
     UnwindInfo = unwindInfo;
     RelocInfo  = relocInfo;
 }
예제 #6
0
        void Br8_short_other_long()
        {
            var originalData = new byte[] {
                /*0000*/ 0xB0, 0x00,                // mov al,0
                /*0002*/ 0xE2, 0x22,                // loop 123456789ABCDE26h
                /*0004*/ 0xB0, 0x01,                // mov al,1
                /*0006*/ 0x67, 0xE2, 0x1E,          // loopd 123456789ABCDE27h
                /*0009*/ 0xB0, 0x02,                // mov al,2
                /*000B*/ 0xE1, 0x1B,                // loope 123456789ABCDE28h
                /*000D*/ 0xB0, 0x03,                // mov al,3
                /*000F*/ 0x67, 0xE1, 0x17,          // looped 123456789ABCDE29h
                /*0012*/ 0xB0, 0x04,                // mov al,4
                /*0014*/ 0xE0, 0x14,                // loopne 123456789ABCDE2Ah
                /*0016*/ 0xB0, 0x05,                // mov al,5
                /*0018*/ 0x67, 0xE0, 0x10,          // loopned 123456789ABCDE2Bh
                /*001B*/ 0xB0, 0x06,                // mov al,6
                /*001D*/ 0x67, 0xE3, 0x0C,          // jecxz 123456789ABCDE2Ch
                /*0020*/ 0xB0, 0x07,                // mov al,7
                /*0022*/ 0xE3, 0x09,                // jrcxz 123456789ABCDE2Dh
                /*0024*/ 0xB0, 0x08,                // mov al,8
            };
            var newData = new byte[] {
                /*0000*/ 0xB0, 0x00,                         // mov al,0
                /*0002*/ 0xE2, 0x02,                         // loop 8000000000000006h
                /*0004*/ 0xEB, 0x06,                         // jmp short 800000000000000Ch
                /*0006*/ 0xFF, 0x25, 0x5C, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000068h]
                /*000C*/ 0xB0, 0x01,                         // mov al,1
                /*000E*/ 0x67, 0xE2, 0x02,                   // loopd 8000000000000013h
                /*0011*/ 0xEB, 0x06,                         // jmp short 8000000000000019h
                /*0013*/ 0xFF, 0x25, 0x57, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000070h]
                /*0019*/ 0xB0, 0x02,                         // mov al,2
                /*001B*/ 0xE1, 0x02,                         // loope 800000000000001Fh
                /*001D*/ 0xEB, 0x06,                         // jmp short 8000000000000025h
                /*001F*/ 0xFF, 0x25, 0x53, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000078h]
                /*0025*/ 0xB0, 0x03,                         // mov al,3
                /*0027*/ 0x67, 0xE1, 0x02,                   // looped 800000000000002Ch
                /*002A*/ 0xEB, 0x06,                         // jmp short 8000000000000032h
                /*002C*/ 0xFF, 0x25, 0x4E, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000080h]
                /*0032*/ 0xB0, 0x04,                         // mov al,4
                /*0034*/ 0xE0, 0x02,                         // loopne 8000000000000038h
                /*0036*/ 0xEB, 0x06,                         // jmp short 800000000000003Eh
                /*0038*/ 0xFF, 0x25, 0x4A, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000088h]
                /*003E*/ 0xB0, 0x05,                         // mov al,5
                /*0040*/ 0x67, 0xE0, 0x02,                   // loopned 8000000000000045h
                /*0043*/ 0xEB, 0x06,                         // jmp short 800000000000004Bh
                /*0045*/ 0xFF, 0x25, 0x45, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000090h]
                /*004B*/ 0xB0, 0x06,                         // mov al,6
                /*004D*/ 0x67, 0xE3, 0x02,                   // jecxz 8000000000000052h
                /*0050*/ 0xEB, 0x06,                         // jmp short 8000000000000058h
                /*0052*/ 0xFF, 0x25, 0x40, 0x00, 0x00, 0x00, // jmp qword ptr [8000000000000098h]
                /*0058*/ 0xB0, 0x07,                         // mov al,7
                /*005A*/ 0xE3, 0x02,                         // jrcxz 800000000000005Eh
                /*005C*/ 0xEB, 0x06,                         // jmp short 8000000000000064h
                /*005E*/ 0xFF, 0x25, 0x3C, 0x00, 0x00, 0x00, // jmp qword ptr [80000000000000A0h]
                /*0064*/ 0xB0, 0x08,                         // mov al,8
                /*0066*/ 0xCC, 0xCC,
                /*0068*/ 0x26, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0070*/ 0x27, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0078*/ 0x28, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0080*/ 0x29, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0088*/ 0x2A, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0090*/ 0x2B, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*0098*/ 0x2C, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
                /*00A0*/ 0x2D, 0xDE, 0xBC, 0x9A, 0x78, 0x56, 0x34, 0x12,
            };
            var expectedInstructionOffsets = new uint[] {
                0x0000,
                uint.MaxValue,
                0x000C,
                uint.MaxValue,
                0x0019,
                uint.MaxValue,
                0x0025,
                uint.MaxValue,
                0x0032,
                uint.MaxValue,
                0x003E,
                uint.MaxValue,
                0x004B,
                uint.MaxValue,
                0x0058,
                uint.MaxValue,
                0x0064,
            };
            var expectedRelocInfos = new RelocInfo[] {
                new RelocInfo(RelocKind.Offset64, 0x8000000000000068),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000070),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000078),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000080),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000088),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000090),
                new RelocInfo(RelocKind.Offset64, 0x8000000000000098),
                new RelocInfo(RelocKind.Offset64, 0x80000000000000A0),
            };
            const BlockEncoderOptions options = BlockEncoderOptions.None;
            const ulong origRip = 0x123456789ABCDE00;

            EncodeBase(bitness, origRip, originalData, newRip, newData, options, decoderOptions, expectedInstructionOffsets, expectedRelocInfos);
        }