private IntelInstruction Disassemble16(params byte[] bytes) { LoadedImage img = new LoadedImage(Address.SegPtr(0xC00, 0), bytes); ImageReader rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(rdr, PrimitiveType.Word16, PrimitiveType.Word16, false); return dasm.First(); }
private X86Instruction Disassemble32(params byte[] bytes) { var img = new LoadedImage(Address.Ptr32(0x10000), bytes); var rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(ProcessorMode.Protected32, rdr, PrimitiveType.Word32, PrimitiveType.Word32, false); return dasm.First(); }
private IntelInstruction Disassemble64(params byte[] bytes) { var img = new LoadedImage(Address.Ptr64(0x10000), bytes); var rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(rdr, PrimitiveType.Word32, PrimitiveType.Word64, true); return dasm.First(); }
private void RunTest(AssemblerFragment fragment, string sExp) { Address addrBase= Address.SegPtr(0xC00, 0); X86Assembler asm = new X86Assembler(new IntelArchitecture(ProcessorMode.Real), addrBase, new List<EntryPoint>()); fragment.Build(asm); Program lr = asm.GetImage(); X86Disassembler dasm = new X86Disassembler( lr.Image.CreateLeReader(lr.Image.BaseAddress), PrimitiveType.Word16, PrimitiveType.Word16, false); StringBuilder sb = new StringBuilder(); try { foreach (var instr in dasm) { sb.AppendFormat("{0}\t{1}", instr.Address, instr); sb.AppendLine(); } Assert.AreEqual(sExp, sb.ToString()); } catch { Console.WriteLine(sb.ToString()); throw; } }
private void CreateDisassembler32(LoadedImage image) { dasm = new X86Disassembler( image.CreateLeReader(image.BaseAddress), PrimitiveType.Word32, PrimitiveType.Word32, false); }
private void CreateDisassembler16(LoadedImage image) { dasm = new X86Disassembler( ProcessorMode.Real, image.CreateLeReader(image.BaseAddress), PrimitiveType.Word16, PrimitiveType.Word16, false); }
private X86Instruction Disassemble16(params byte[] bytes) { MemoryArea img = new MemoryArea(Address.SegPtr(0xC00, 0), bytes); ImageReader rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(ProcessorMode.Real, rdr, PrimitiveType.Word16, PrimitiveType.Word16, false); if (options != null) { dasm.Emulate8087 = options.Emulate8087; } return dasm.First(); }
private X86Instruction Disassemble64(params byte[] bytes) { var img = new MemoryArea(Address.Ptr64(0x10000), bytes); var rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler( ProcessorMode.Protected64, rdr, PrimitiveType.Word32, PrimitiveType.Word64, true); return dasm.First(); }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { if (!disasm.rdr.TryPeekByte(0, out byte b)) { return(null); } if (b == 0xC3) { // rep ret idiom. op = disasm.rdr.ReadByte(); return(s_aOpRec[b].Decode(disasm, op, opFormat)); } disasm.currentDecodingContext.F3Prefix = true; if (!disasm.rdr.TryReadByte(out op)) { return(null); } return(s_aOpRec[op].Decode(disasm, op, opFormat)); }
public override X86Instruction Decode(uint op, X86Disassembler disasm) { if (!disasm.TryEnsureModRM(out byte modRM)) { return(disasm.CreateInvalidInstruction()); } Decoder decoder; uint iDecoder = (op & 0x07) * 0x48; if (modRM < 0xC0) { decoder = fpuDecoders[iDecoder + ((modRM >> 3) & 0x07)]; } else { decoder = fpuDecoders[iDecoder + modRM - 0xB8]; } return(decoder.Decode(op, disasm)); }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { if (!disasm.TryEnsureModRM(out byte modRM)) { return(null); } Decoder opRec; int iOpRec = (op & 0x07) * 0x48; if (modRM < 0xC0) { opRec = s_aFpOpRec[iOpRec + ((modRM >> 3) & 0x07)]; } else { opRec = s_aFpOpRec[iOpRec + modRM - 0xB8]; } return(opRec.Decode(disasm, op, opFormat)); }
public override bool Decode(X86Disassembler disasm, byte op) { if (!disasm.TryEnsureModRM(out byte modRM)) { return(false); } Decoder decoder; int iOpRec = (op & 0x07) * 0x48; if (modRM < 0xC0) { decoder = s_aFpDecoders[iOpRec + ((modRM >> 3) & 0x07)]; } else { decoder = s_aFpDecoders[iOpRec + modRM - 0xB8]; } return(decoder.Decode(disasm, op)); }
public override bool Decode(X86Disassembler disasm, byte op) { if (!disasm.rdr.TryPeekByte(0, out byte b)) { return(false); } if (b == 0xC3) { // rep ret idiom. op = disasm.rdr.ReadByte(); return(s_aOpRec[b].Decode(disasm, op)); } disasm.decodingContext.F3Prefix = true; if (!disasm.rdr.TryReadByte(out op)) { return(false); } return(s_aOpRec[op].Decode(disasm, op)); }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { if (disasm.isRegisterExtensionEnabled) { disasm.currentDecodingContext.RegisterExtensionPrefixByte = op; if (disasm.currentDecodingContext.RegisterExtension.FlagWideValue) { disasm.dataWidth = PrimitiveType.Word64; } if (!disasm.rdr.TryReadByte(out var op2)) { return(null); } return(s_aOpRec[op2].Decode(disasm, op2, opFormat)); } else { return(base.Decode(disasm, op, opFormat)); } }
public override IntelInstruction Decode(X86Disassembler disasm, byte op, string opFormat) { byte b = disasm.rdr.PeekByte(0); if (b == 0x0F) { disasm.f3PrefixSeen = true; if (!disasm.rdr.TryReadByte(out op)) { return(null); } return(s_aOpRec[op].Decode(disasm, op, opFormat)); } if (b == 0xC3) { op = disasm.rdr.ReadByte(); return(s_aOpRec[b].Decode(disasm, op, opFormat)); } return(disasm.DecodeOperands(Opcode.rep, 0xF3, opFormat)); }
public override X86Instruction Decode(uint op, X86Disassembler disasm) { if (disasm.decodingContext.F2Prefix) { disasm.decodingContext.F2Prefix = false; disasm.decodingContext.F3Prefix = false; var instr = decoderF2.Decode(op, disasm); return(instr); } else if (disasm.decodingContext.F3Prefix) { disasm.decodingContext.F2Prefix = false; disasm.decodingContext.F3Prefix = false; var instr = decoderF3.Decode(op, disasm); return(instr); } else if (disasm.decodingContext.SizeOverridePrefix) { if (disasm.isRegisterExtensionEnabled && disasm.decodingContext.RegisterExtension.FlagWideValue) { disasm.decodingContext.dataWidth = PrimitiveType.Word64; return(decoder66Wide.Decode(op, disasm)); } else { disasm.decodingContext.dataWidth = disasm.defaultDataWidth; return(decoder66.Decode(op, disasm)); } } else { if (disasm.isRegisterExtensionEnabled && disasm.decodingContext.RegisterExtension.FlagWideValue) { return(decoderWide.Decode(op, disasm)); } else { return(this.decoderBase.Decode(op, disasm)); } } }
public override X86Instruction Decode(uint op, X86Disassembler disasm) { if (!disasm.TryEnsureModRM(out byte modRm)) { return(disasm.CreateInvalidInstruction()); } if (mutators != null) { foreach (var m in this.mutators) { if (!m(op, disasm)) { return(disasm.CreateInvalidInstruction()); } } } Decoder decoder = group[((modRm >> 3) & 0x07)]; return(decoder.Decode(op, disasm)); }
public override bool Decode(X86Disassembler disasm, byte op) { if (!disasm.TryEnsureModRM(out byte modRm)) { return(false); } if (mutators != null) { foreach (var m in this.mutators) { if (!m(op, disasm)) { return(false); } } } Decoder decoder = group[((modRm >> 3) & 0x07)]; return(decoder.Decode(disasm, op)); }
public override X86Instruction Decode(uint op, X86Disassembler disasm) { if (!disasm.rdr.TryPeekByte(0, out byte b)) { return(disasm.CreateInvalidInstruction()); } if (b == 0xC3) { // rep ret idiom. if (!disasm.TryReadByte(out byte opC3)) { return(disasm.CreateInvalidInstruction()); } return(rootDecoders[opC3].Decode(opC3, disasm)); } disasm.decodingContext.F3Prefix = true; if (!disasm.TryReadByte(out byte op2)) { return(disasm.CreateInvalidInstruction()); } return(rootDecoders[op2].Decode(op2, disasm)); }
public override bool Decode(X86Disassembler disasm, byte op) { if (disasm.isRegisterExtensionEnabled) { disasm.decodingContext.RegisterExtensionPrefixByte = op; if (disasm.decodingContext.RegisterExtension.FlagWideValue) { var w64 = PrimitiveType.Word64; disasm.decodingContext.dataWidth = w64; disasm.decodingContext.iWidth = w64; } if (!disasm.rdr.TryReadByte(out var op2)) { return(false); } return(s_aOpRec[op2].Decode(disasm, op2)); } else { return(base.Decode(disasm, op)); } }
public override bool Decode(X86Disassembler disasm, byte op) { if (disasm.decodingContext.F2Prefix) { var instr = decoderF2.Decode(disasm, op); disasm.decodingContext.F2Prefix = false; disasm.decodingContext.F3Prefix = false; return(instr); } else if (disasm.decodingContext.F3Prefix) { var instr = decoderF3.Decode(disasm, op); disasm.decodingContext.F2Prefix = false; disasm.decodingContext.F3Prefix = false; return(instr); } else if (disasm.decodingContext.SizeOverridePrefix) { if (disasm.isRegisterExtensionEnabled && disasm.decodingContext.RegisterExtension.FlagWideValue) { return(decoder66Wide.Decode(disasm, op)); } else { return(decoder66.Decode(disasm, op)); } } else { if (disasm.isRegisterExtensionEnabled && disasm.decodingContext.RegisterExtension.FlagWideValue) { return(decoderWide.Decode(disasm, op)); } else { return(this.decoderBase.Decode(disasm, op)); } } }
public override bool Decode(X86Disassembler disasm, byte op) { byte op2; switch (op) { case 0x38: if (!disasm.rdr.TryReadByte(out op2)) { return(false); } return(s_aOpRec0F38[op2].Decode(disasm, op2)); case 0x3A: if (!disasm.rdr.TryReadByte(out op2)) { return(false); } return(s_aOpRec0F3A[op2].Decode(disasm, op2)); default: return(false); } }
public override bool Decode(X86Disassembler disasm, byte op) { int grp = Group - 1; if (!disasm.TryEnsureModRM(out byte modRm)) { return(false); } if (mutators != null) { foreach (var m in this.mutators) { if (!m(op, disasm)) { return(false); } } } Decoder opRec = s_aOpRecGrp[grp * 8 + ((modRm >> 3) & 0x07)]; return(opRec.Decode(disasm, op)); }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { byte op2; switch (op) { case 0x38: if (!disasm.rdr.TryReadByte(out op2)) { return(null); } return(s_aOpRec0F38[op2].Decode(disasm, op2, "")); case 0x3A: if (!disasm.rdr.TryReadByte(out op2)) { return(null); } return(s_aOpRec0F3A[op2].Decode(disasm, op2, "")); default: return(null); } }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { if (!disasm.TryEnsureModRM(out byte modRm)) { return(null); } if ((modRm & 0xC0) == 0xC0) { var i = modRm & 0x07; if (i < regDecoders.Length) { return(regDecoders[i].Decode(disasm, op, opFormat)); } else { return(disasm.Illegal()); } } else { return(memDecoder.Decode(disasm, op, opFormat)); } }
public override X86Instruction Decode(uint op, X86Disassembler disasm) { if (!disasm.TryEnsureModRM(out byte modRm)) { return(disasm.CreateInvalidInstruction()); } if ((modRm & 0xC0) == 0xC0) { var i = modRm & 0x07; if (i < regDecoders.Length) { return(regDecoders[i].Decode(op, disasm)); } else { return(disasm.CreateInvalidInstruction()); } } else { return(memDecoder.Decode(op, disasm)); } }
public override bool Decode(X86Disassembler disasm, byte op) { if (!disasm.TryEnsureModRM(out byte modRm)) { return(false); } if ((modRm & 0xC0) == 0xC0) { var i = modRm & 0x07; if (i < regDecoders.Length) { return(regDecoders[i].Decode(disasm, op)); } else { return(false); } } else { return(memDecoder.Decode(disasm, op)); } }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { if (disasm.currentDecodingContext.F2Prefix) { var instr = decoderF2.Decode(disasm, op, opFormat); instr.repPrefix = 0; return(instr); } else if (disasm.currentDecodingContext.F3Prefix) { var instr = decoderF3.Decode(disasm, op, opFormat); instr.repPrefix = 0; return(instr); } else if (disasm.currentDecodingContext.SizeOverridePrefix) { if (disasm.isRegisterExtensionEnabled && disasm.currentDecodingContext.RegisterExtension.FlagWideValue) { return(decoder66Wide.Decode(disasm, op, opFormat)); } else { return(decoder66.Decode(disasm, op, opFormat)); } } else { if (disasm.isRegisterExtensionEnabled && disasm.currentDecodingContext.RegisterExtension.FlagWideValue) { return(decoderWide.Decode(disasm, op, opFormat)); } else { return(this.decoderBase.Decode(disasm, op, opFormat)); } } }
public override IntelInstruction Decode(X86Disassembler disasm, byte op, string opFormat) { disasm.segmentOverride = SegFromBits(seg); op = disasm.rdr.ReadByte(); return(s_aOpRec[op].Decode(disasm, op, opFormat)); }
public void AsConstantStore() { Address addr = Address.SegPtr(0x0C00, 0); var program = asm.AssembleFragment(addr, "mov [0x400],0x1234\n"); var dasm = new X86Disassembler( ProcessorMode.Real, program.Image.CreateLeReader(addr), PrimitiveType.Word16, PrimitiveType.Word16, false); Assert.AreEqual("mov\tword ptr [0400],1234", dasm.First().ToString()); }
public override X86Disassembler CreateDisassembler(ImageReader rdr, X86Options options) { var dasm = new X86Disassembler(this, rdr, PrimitiveType.Word16, PrimitiveType.Word16, false); if (options != null) { dasm.Emulate8087 = options.Emulate8087; } return dasm; }
public override bool Decode(X86Disassembler disasm, byte op) { // 62 must be the first byte. The presence of previous // prefixes is an error (according to Intel manual 2.6, vol 2A. var ctx = disasm.decodingContext; if (ctx.F2Prefix | ctx.F3Prefix | ctx.IsRegisterExtensionActive() | ctx.SizeOverridePrefix) { return(false); } // The EVEX prefix consists of a leading 0x62 byte, and three // packed payload bytes P0, P1, and P2. //$TODO: this is incomplete: there are many missing flags. if (!disasm.rdr.TryReadByte(out byte p0)) { return(false); } if (!disasm.rdr.TryReadByte(out byte p1)) { return(false); } if (!disasm.rdr.TryReadByte(out byte p2)) { return(false); } if (p0Reserved.Read(p0) != 0) { return(false); } if (p1Reserved.Read(p1) != 1) { return(false); } var pp = p1 & 3; var rxb = p0 >> 5; var w = p1 >> 7; var vvvv = p1Vvvv.Read(p1); ctx.IsVex = true; ctx.VexRegister = (byte)vvvv; ctx.VexLong = (op & 4) != 0; ctx.RegisterExtension.FlagWideValue = w != 0; ctx.RegisterExtension.FlagTargetModrmRegister = (rxb & 4) == 0; ctx.RegisterExtension.FlagTargetSIBIndex = (rxb & 2) == 0; ctx.RegisterExtension.FlagTargetModrmRegOrMem = (rxb & 1) == 0; ctx.F2Prefix = pp == 3; ctx.F3Prefix = pp == 2; ctx.SizeOverridePrefix = pp == 1; Decoder[] decoders; switch (pp) { case 2: decoders = s_decoders0F38; break; case 3: decoders = s_decoders0F3A; break; default: decoders = s_decoders0F; break; } if (!disasm.rdr.TryReadByte(out op)) { return(false); } return(decoders[op].Decode(disasm, op)); }
public override X86Instruction Decode(X86Disassembler disasm, byte op, string opFormat) { return(disasm.NotYetImplemented(message)); }
private void CreateDisassembler16(ImageReader rdr) { dasm = new X86Disassembler( ProcessorMode.Real, rdr, PrimitiveType.Word16, PrimitiveType.Word16, false); }
public abstract IntelInstruction Decode(X86Disassembler disasm, byte op, string opFormat);
public abstract bool Decode(X86Disassembler disasm, byte op);
private void CreateDisassembler16(MemoryArea mem) { dasm = new X86Disassembler( ProcessorMode.Real, mem.CreateLeReader(mem.BaseAddress), PrimitiveType.Word16, PrimitiveType.Word16, false); if (options != null) { dasm.Emulate8087 = options.Emulate8087; } }
private void CreateDisassembler32(MemoryArea image) { dasm = new X86Disassembler( ProcessorMode.Protected32, image.CreateLeReader(image.BaseAddress), PrimitiveType.Word32, PrimitiveType.Word32, false); }
public override bool Decode(X86Disassembler disasm, byte op) { disasm.NotYetImplemented(message); return(false); }
private FstswChainMatcher GetMatcher() { Program lr = asm.GetImage(); X86Disassembler dasm = new X86Disassembler( lr.Image.CreateLeReader(0), PrimitiveType.Word32, PrimitiveType.Word32, false); instrs = new List<IntelInstruction>(); return new FstswChainMatcher(dasm.ToArray(), orw); }
public void X86Dis_RelocatedOperand() { byte[] image = new byte[] { 0xB8, 0x78, 0x56, 0x34, 0x12 }; // mov eax,0x12345678 LoadedImage img = new LoadedImage(Address.Ptr32(0x00100000), image); img.Relocations.AddPointerReference(0x00100001ul - img.BaseAddress.ToLinear(), 0x12345678); ImageReader rdr = img.CreateLeReader(img.BaseAddress); X86Disassembler dasm = new X86Disassembler( ProcessorMode.Protected32, rdr, PrimitiveType.Word32, PrimitiveType.Word32, false); X86Instruction instr = dasm.First(); Assert.AreEqual("mov\teax,12345678", instr.ToString()); Assert.AreEqual("ptr32", instr.op2.Width.ToString()); }
public override IntelInstruction Decode(X86Disassembler disasm, byte op, string opFormat) { return(disasm.DecodeOperands(opcode, op, opFormat + format)); }
public virtual List <RtlInstruction>?InlineCall(IServiceProvider services, X86Disassembler dasm, Address addrCallee, Address addrContinuation, IStorageBinder binder) { return(null); }
public override IntelInstruction Decode(X86Disassembler disasm, byte op, string opFormat) { op = disasm.rdr.ReadByte(); return(s_aOpRec0F[op].Decode(disasm, op, "")); }
public virtual MachineInstruction DisassembleEx(Address addr) { var rdr = loader.Architecture.CreateImageReader(loader.Image, addr); var dasm = new X86Disassembler(rdr, PrimitiveType.Word32, PrimitiveType.Word32, false); return dasm.DisassembleInstruction(); }
private void RunTest(AssemblerFragment fragment, string sExp) { Address addrBase= Address.SegPtr(0xC00, 0); X86Assembler asm = new X86Assembler(sc, new MsdosPlatform(sc, new X86ArchitectureReal()), addrBase, new List<ImageSymbol>()); fragment.Build(asm); Program lr = asm.GetImage(); var mem = lr.SegmentMap.Segments.Values.First().MemoryArea; X86Disassembler dasm = new X86Disassembler( ProcessorMode.Real, mem.CreateLeReader(mem.BaseAddress), PrimitiveType.Word16, PrimitiveType.Word16, false); StringBuilder sb = new StringBuilder(); try { foreach (var instr in dasm) { sb.AppendFormat("{0}\t{1}", instr.Address, instr); sb.AppendLine(); } Assert.AreEqual(sExp, sb.ToString()); } catch { Console.WriteLine(sb.ToString()); throw; } }