/// <summary> /// Create a Disassembler. /// </summary> /// <param name="architecture"> /// The disassembler's architecture. /// </param> /// <param name="mode"> /// The disassembler's mode. /// </param> protected CapstoneDisassembler(DisassembleArchitecture architecture, DisassembleMode mode) { this._architecture = architecture; this._mode = mode; this._handle = NativeCapstone.Create(this._architecture, this._mode); this.EnableDetails = false; this.Syntax = DisassembleSyntaxOptionValue.Default; }
/// <summary> /// Build an Instruction. /// </summary> /// <param name="disassembler"> /// A disassembler. /// </param> /// <param name="hInstruction"> /// An instruction handle. /// </param> internal virtual void Build(CapstoneDisassembler disassembler, NativeInstructionHandle hInstruction) { // ... // // Throws an exception if the operation fails. var nativeInstruction = NativeCapstone.GetInstruction(hInstruction); this.Address = nativeInstruction.Address; this.DisassembleArchitecture = disassembler.DisassembleArchitecture; this.DisassembleMode = this.CreateDisassembleMode(disassembler.NativeDisassembleMode); this.Id = this.CreateId(nativeInstruction.Id); this.IsSkippedData = disassembler.EnableSkipDataMode && !(nativeInstruction.Id > 0); this.Mnemonic = !CapstoneDisassembler.IsDietModeEnabled ? nativeInstruction.Mnemonic : null; this.Operand = !CapstoneDisassembler.IsDietModeEnabled ? nativeInstruction.Operand : null; // ... // // ... SetBytes(this, ref nativeInstruction); SetDetails(this, disassembler, hInstruction, ref nativeInstruction); // <summary> // Set Instruction's Machine Bytes. // </summary> void SetBytes(InstructionBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TId, TRegister, TRegisterId> @this, ref NativeInstruction cNativeInstruction) { @this.Bytes = new byte[0]; if (cNativeInstruction.Id >= 0) { @this.Bytes = new byte[cNativeInstruction.Size]; for (var cI = 0; cI < @this.Bytes.Length; cI++) { @this.Bytes[cI] = cNativeInstruction.Bytes[cI]; } } } // <summary> // Set Instruction's Details. // </summary> void SetDetails(InstructionBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, NativeInstructionHandle cHInstruction, ref NativeInstruction cNativeInstruction) { var cHasDetails = cNativeInstruction.Details != IntPtr.Zero; var cIsInstructionDetailsEnabled = cDisassembler.EnableInstructionDetails; @this.Details = null; if (cHasDetails && cIsInstructionDetailsEnabled && cNativeInstruction.Id > 0) { @this.Details = @this.CreateDetails(cDisassembler, cHInstruction); } } }
/// <summary> /// Create a Native Capstone. /// </summary> static NativeCapstone() { OperatingSystem os = Environment.OSVersion; PlatformID pid = os.Platform; switch (pid) { case PlatformID.Win32NT: case PlatformID.Win32S: case PlatformID.Win32Windows: case PlatformID.WinCE: NativeCapstone.LoadLibrary(); break; } }
/// <summary> /// Disable Disassemble Details Option. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <exception cref="System.InvalidOperationException"> /// Thrown if the disassemble details option could not be disabled. /// </exception> public static void DisableDetailOption(SafeCapstoneHandle handle) { NativeCapstone.SetDisassembleDetails(handle, false); }
/// <summary> /// Enable Intel Disassemble Syntax Option. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <exception cref="System.InvalidOperationException"> /// Thrown if the disassemble syntax option could not be set. /// </exception> public static void EnableIntelDisassembleSyntaxOption(SafeCapstoneHandle handle) { NativeCapstone.SetDisassembleSyntaxOption(handle, DisassembleSyntaxOptionValue.Intel); }
/// <summary> /// Enable Default Disassemble Syntax Option. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <exception cref="System.InvalidOperationException"> /// Thrown if the disassemble syntax option could not be set. /// </exception> public static void EnableDefaultDisassembleSyntaxOption(SafeCapstoneHandle handle) { NativeCapstone.SetDisassembleSyntaxOption(handle, DisassembleSyntaxOptionValue.Default); }
/// <summary> /// Enable Disassemble Details Option. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <exception cref="System.InvalidOperationException"> /// Thrown if the disassemble details option could not be enabled. /// </exception> public static void EnableDisassembleDetails(SafeCapstoneHandle handle) { NativeCapstone.SetDisassembleDetails(handle, true); }
/// <summary> /// Disassemble All Binary Code. /// </summary> /// <remarks> /// Convenient method to disassemble binary code with the assumption that the address of the first /// instruction in the collection of bytes to disassemble is 0x1000. Equivalent to calling /// <c>NativeCapstone.DisassembleAll(handle, code, 0x1000)</c>. /// </remarks> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <param name="code"> /// A collection of bytes representing the binary code to disassemble. Should not be a null reference. /// </param> /// <returns> /// A native instruction handle. /// </returns> /// <exception cref="System.InvalidOperationException"> /// Thrown if the binary code could not be disassembled. /// </exception> public static SafeNativeInstructionHandle DisassembleAll(SafeCapstoneHandle handle, byte[] code) { var instructions = NativeCapstone.DisassembleAll(handle, code, 0x1000); return(instructions); }
/// <summary> /// Disassemble Binary Code. /// </summary> /// <remarks> /// Convenient method to disassemble binary code with the assumption that the address of the first /// instruction in the collection of bytes to disassemble is 0x1000. Equivalent to calling /// <c>NativeCapstone.Disassemble(handle, code, 0x1000, count)</c>. /// </remarks> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <param name="code"> /// A collection of bytes representing the binary code to disassemble. Should not be a null reference. /// </param> /// <param name="count"> /// The number of instructions to disassemble. A 0 indicates all instructions should be disassembled. /// </param> /// <returns> /// A native instruction handle. /// </returns> /// <exception cref="System.InvalidOperationException"> /// Thrown if the binary code could not be disassembled. /// </exception> // public static SafeNativeInstructionHandle Disassemble(SafeCapstoneHandle handle, byte[] code, int count) { // var instructionHandle = NativeCapstone.Disassemble(handle, code, 0x1000, count); // return instructionHandle; // } /// <summary> /// Disassemble All Binary Code. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <param name="code"> /// A collection of bytes representing the binary code to disassemble. Should not be a null reference. /// </param> /// <param name="startingAddress"> /// The address of the first instruction in the collection of bytes to disassemble. /// </param> /// <returns> /// A native instruction handle. /// </returns> /// <exception cref="System.InvalidOperationException"> /// Thrown if the binary code could not be disassembled. /// </exception> public static SafeNativeInstructionHandle DisassembleAll(SafeCapstoneHandle handle, byte[] code, ulong startingAddress) { var instructionHandle = NativeCapstone.Disassemble(handle, code, 0, startingAddress); return(instructionHandle); }
/// <summary> /// Create a Native Capstone. /// </summary> static NativeCapstone() { NativeCapstone.LoadLibrary(); }
/// <summary> /// Build an Instruction Detail. /// </summary> /// <param name="disassembler"> /// A disassembler. /// </param> /// <param name="hInstruction"> /// An instruction handle. /// </param> internal virtual void Build(CapstoneDisassembler disassembler, NativeInstructionHandle hInstruction) { // ... // // Throws an exception if the operation fails. var nativeInstructionDetail = NativeCapstone.GetInstructionDetail(hInstruction).GetValueOrDefault(); this.DisassembleArchitecture = disassembler.DisassembleArchitecture; this.DisassembleMode = this.CreateDisassembleMode(disassembler.NativeDisassembleMode); // ... // // ... SetAccessedRegisters(this, disassembler, hInstruction); SetGroups(this, disassembler, ref nativeInstructionDetail); SetImplicitlyReadRegisters(this, disassembler, ref nativeInstructionDetail); SetImplicitlyWrittenRegisters(this, disassembler, ref nativeInstructionDetail); // <summary> // Set Accessed Registers. // </summary> void SetAccessedRegisters(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, NativeInstructionHandle cHInstruction) { @this.AllReadRegisters = new TRegister[0]; @this.AllWrittenRegisters = new TRegister[0]; if (!CapstoneDisassembler.IsDietModeEnabled) { var isArchSupported = cDisassembler.DisassembleArchitecture != DisassembleArchitecture.M68K; isArchSupported = isArchSupported && cDisassembler.DisassembleArchitecture != DisassembleArchitecture.Mips; isArchSupported = isArchSupported && cDisassembler.DisassembleArchitecture != DisassembleArchitecture.PowerPc; isArchSupported = isArchSupported && cDisassembler.DisassembleArchitecture != DisassembleArchitecture.XCore; if (isArchSupported) { // ... // // Throws an exception if the operation fails. var cAccessedRegisters = NativeCapstone.GetAccessedRegisters(cDisassembler.Handle, cHInstruction); @this.AllReadRegisters = new TRegister[cAccessedRegisters.Item1.Length]; for (var cI = 0; cI < @this.AllReadRegisters.Length; cI++) { var cExplicitlyReadRegister = cAccessedRegisters.Item1[cI]; @this.AllReadRegisters[cI] = @this.CreateRegister(cDisassembler, cExplicitlyReadRegister); } @this.AllWrittenRegisters = new TRegister[cAccessedRegisters.Item2.Length]; for (var cI = 0; cI < @this.AllWrittenRegisters.Length; cI++) { var cExplicitlyWrittenRegister = cAccessedRegisters.Item2[cI]; @this.AllWrittenRegisters[cI] = @this.CreateRegister(cDisassembler, cExplicitlyWrittenRegister); } } } } // <summary> // Set Instruction's Groups. // </summary> void SetGroups(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, ref NativeInstructionDetail cNativeInstructionDetail) { @this.Groups = new TGroup[cNativeInstructionDetail.GroupCount]; if (!CapstoneDisassembler.IsDietModeEnabled) { for (var cI = 0; cI < @this.Groups.Length; cI++) { var cGroup = cNativeInstructionDetail.Groups[cI]; @this.Groups[cI] = @this.CreateInstructionGroup(cDisassembler, cGroup); } } } // <summary> // Set Implicitly Read Registers. // </summary> void SetImplicitlyReadRegisters(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, ref NativeInstructionDetail cNativeInstructionDetail) { @this.ImplicitlyReadRegisters = new TRegister[cNativeInstructionDetail.ImplicitlyReadRegisterCount]; if (!CapstoneDisassembler.IsDietModeEnabled) { for (var cI = 0; cI < @this.ImplicitlyReadRegisters.Length; cI++) { var cImplicitlyReadRegister = cNativeInstructionDetail.ImplicitlyReadRegisters[cI]; @this.ImplicitlyReadRegisters[cI] = @this.CreateRegister(cDisassembler, cImplicitlyReadRegister); } } } // <summary> // Set Implicitly Written Registers. // </summary> void SetImplicitlyWrittenRegisters(InstructionDetailBuilder <TDetail, TDisassembleMode, TGroup, TGroupId, TInstruction, TInstructionId, TRegister, TRegisterId> @this, CapstoneDisassembler cDisassembler, ref NativeInstructionDetail cNativeInstructionDetail) { @this.ImplicitlyWrittenRegisters = new TRegister[cNativeInstructionDetail.ImplicitlyWrittenRegisterCount]; if (!CapstoneDisassembler.IsDietModeEnabled) { for (var cI = 0; cI < @this.ImplicitlyWrittenRegisters.Length; cI++) { var cImplicitlyWrittenRegister = cNativeInstructionDetail.ImplicitlyWrittenRegisters[cI]; @this.ImplicitlyWrittenRegisters[cI] = @this.CreateRegister(cDisassembler, cImplicitlyWrittenRegister); } } } }
/// <summary> /// Disassemble Binary Code. /// </summary> /// <remarks> /// Convenient method to disassemble binary code with the assumption that the address of the first /// instruction in the collection of bytes to disassemble is 0x1000. Equivalent to calling /// <c>NativeCapstone.Disassemble(handle, code, 0x1000, count)</c>. /// </remarks> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <param name="code"> /// A collection of bytes representing the binary code to disassemble. Should not be a null reference. /// </param> /// <param name="count"> /// The number of instructions to disassemble. A 0 indicates all instructions should be disassembled. /// </param> /// <returns> /// A native instruction handle. /// </returns> /// <exception cref="System.InvalidOperationException"> /// Thrown if the binary code could not be disassembled. /// </exception> public static SafeNativeInstructionHandle Disassemble(SafeCapstoneHandle handle, byte[] code, int count) { var instructionHandle = NativeCapstone.Disassemble(handle, code, 0x1000, count); return(instructionHandle); }