public static X86Disassembler CreateDisassemblerFromRVA(this Executables exe, long rva) { var asm = exe.Assembly; var reader = asm.ReadingContext.Reader.CreateSubReader(asm.RvaToFileOffset(rva)); var sec = asm.GetSectionHeaderByRva(rva); var dis = new AsmResolver.X86.X86Disassembler(reader, exe.BaseAddress + sec.VirtualAddress - sec.PointerToRawData); return(dis); }
public void SetCurrentFrame(IFrame currentFrame) { if (currentFrame == null || currentFrame.Function != _lastFunction) { instructionsListView.Items.Clear(); _lastFunction = null; } if (currentFrame != null) { if (currentFrame.Function == _lastFunction) { foreach (var item in instructionsListView.Items.Cast<X86InstructionListViewItem>()) item.UpdateItem(currentFrame); } else { _lastFunction = currentFrame.Function; var code = ((RuntimeFunction) currentFrame.Function).NativeCode; var mapping = code.GetILToNativeMapping().ToArray(); var bytes = code.GetBytes(); var reader = new MemoryStreamReader(bytes); var disassembler = new X86Disassembler(reader, (long) code.Address); while (reader.Position < reader.StartPosition + reader.Length) { try { int start = (int) reader.Position; var instruction = disassembler.ReadNextInstruction(); int end = (int) reader.Position; var instructionBytes = new byte[end - start]; Buffer.BlockCopy(bytes, start, instructionBytes, 0, end - start); var item = new X86InstructionListViewItem(instruction, instructionBytes); item.RelativeOffset = start; item.Mapping = mapping.FirstOrDefault( x => item.RelativeOffset >= x.NativeStartOffset && item.RelativeOffset < x.NativeEndOffset); item.UpdateItem(currentFrame); instructionsListView.Items.Add(item); } catch (IndexOutOfRangeException) { // HACK: ignore mnemonic choosing errors in disassembler } } } } }
private static void TestDisassembler(byte[] code, string source) { var reader = new MemoryStreamReader(code); var disassembler = new X86Disassembler(reader); var sourceLines = NormalizeSource(source).Split('\n'); var currentLine = 0; while (reader.Position < reader.Length) { var instruction = disassembler.ReadNextInstruction(); var formattedInstruction = _formatter.FormatInstruction(instruction); Assert.AreEqual(sourceLines[currentLine], formattedInstruction); currentLine++; } }
private static void TestSizeComputation(byte[] opcodes) { var reader = new MemoryStreamReader(opcodes); var disassembler = new X86Disassembler(reader); while (reader.Position < reader.Length) { var instruction = disassembler.ReadNextInstruction(); var expectedSize = reader.Position - instruction.Offset; var computeSize = instruction.ComputeSize(); if (expectedSize != computeSize) Assert.Fail("The instruction {0} has size {1}, but {2} was computed.", instruction, expectedSize, computeSize); } }
private static void ValidateCode(IReadOnlyList<X86Instruction> originalBody, byte[] assemblerOutput) { var formatter = new FasmX86Formatter(); var reader = new MemoryStreamReader(assemblerOutput); var disassembler = new X86Disassembler(reader); for (int i = 0; i < originalBody.Count; i++) { var newInstruction = disassembler.ReadNextInstruction(); Assert.AreEqual(formatter.FormatInstruction(originalBody[i]), formatter.FormatInstruction(newInstruction)); } }