private IntelInstruction Disassemble64(params byte[] bytes) { var img = new LoadedImage(Address.Ptr64(0x10000), bytes); var rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(rdr, PrimitiveType.Word32, PrimitiveType.Word64, true); return dasm.First(); }
private IntelInstruction Disassemble16(params byte[] bytes) { LoadedImage img = new LoadedImage(Address.SegPtr(0xC00, 0), bytes); ImageReader rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(rdr, PrimitiveType.Word16, PrimitiveType.Word16, false); return dasm.First(); }
private X86Instruction Disassemble32(params byte[] bytes) { var img = new LoadedImage(Address.Ptr32(0x10000), bytes); var rdr = img.CreateLeReader(img.BaseAddress); var dasm = new X86Disassembler(ProcessorMode.Protected32, rdr, PrimitiveType.Word32, PrimitiveType.Word32, false); return dasm.First(); }
private void RunTest(string sExp, params byte[] bytes) { var image = new LoadedImage(Address.Ptr32(0x0100000), bytes); var dasm = new CilDisassembler(image.CreateLeReader(0)).GetEnumerator(); Assert.IsTrue(dasm.MoveNext()); var instr = dasm.Current; Assert.AreEqual(sExp, instr.ToString()); }
private void CreateDisassembler32(LoadedImage image) { dasm = new X86Disassembler( image.CreateLeReader(image.BaseAddress), PrimitiveType.Word32, PrimitiveType.Word32, false); }
private void CreateDisassembler16(LoadedImage image) { dasm = new X86Disassembler( ProcessorMode.Real, image.CreateLeReader(image.BaseAddress), PrimitiveType.Word16, PrimitiveType.Word16, false); }
protected MachineInstruction Disassemble(uint instr) { var image = new LoadedImage(Address.Ptr32(0x00100000), new byte[4]); LeImageWriter w = new LeImageWriter(image.Bytes); w.WriteLeUInt32(0, instr); var arch = CreateArchitecture(); var dasm = CreateDisassembler(arch, image.CreateLeReader(0)); Assert.IsTrue(dasm.MoveNext()); return dasm.Current; }
protected MachineInstruction DisassembleBits(string bitPattern) { var image = new LoadedImage(Address.Ptr32(0x00100000), new byte[4]); LeImageWriter w = new LeImageWriter(image.Bytes); uint instr = ParseBitPattern(bitPattern); w.WriteLeUInt32(0, instr); var b = image.Bytes; Debug.Print("Instruction bytes: {0:X2} {1:X2} {2:X2} {3:X2}", b[0], b[1], b[2], b[3]); var arch = CreateArchitecture(); var dasm = arch.CreateDisassembler(image.CreateLeReader(0)); return dasm.First(); }
protected MachineInstruction Disassemble16(params ushort[] instrs) { var image = new LoadedImage(Address.Ptr32(0x00100000), new byte[4]); LeImageWriter w = new LeImageWriter(image.Bytes); foreach (var instr in instrs) { w.WriteLeUInt16(instr); } var arch = CreateArchitecture(); var dasm = CreateDisassembler(arch, image.CreateLeReader(0)); Assert.IsTrue(dasm.MoveNext()); var armInstr = dasm.Current; dasm.Dispose(); return armInstr; }
protected static Arm32Instruction Disassemble(byte[] bytes) { var image = new LoadedImage(Address.Ptr32(0x00100000), bytes); var dasm = new Arm32Disassembler(new Arm32ProcessorArchitecture(), image.CreateLeReader(0)); return dasm.First(); }
public void X86Dis_RelocatedSegment() { byte[] image = new byte[] { 0x2E, 0xC7, 0x06, 0x01, 0x00, 0x00, 0x08 }; // mov cs:[0001],0800 LoadedImage img = new LoadedImage(Address.SegPtr(0x900, 0), image); img.Relocations.AddSegmentReference(5, 0x0800); ImageReader rdr = img.CreateLeReader(img.BaseAddress); CreateDisassembler16(rdr); X86Instruction instr = dasm.First(); Assert.AreEqual("mov\tword ptr cs:[0001],0800", instr.ToString()); Assert.AreEqual("selector", instr.op2.Width.ToString()); }
public void X86Dis_RelocatedOperand() { byte[] image = new byte[] { 0xB8, 0x78, 0x56, 0x34, 0x12 }; // mov eax,0x12345678 LoadedImage img = new LoadedImage(Address.Ptr32(0x00100000), image); img.Relocations.AddPointerReference(0x00100001ul - img.BaseAddress.ToLinear(), 0x12345678); ImageReader rdr = img.CreateLeReader(img.BaseAddress); X86Disassembler dasm = new X86Disassembler( ProcessorMode.Protected32, rdr, PrimitiveType.Word32, PrimitiveType.Word32, false); X86Instruction instr = dasm.First(); Assert.AreEqual("mov\teax,12345678", instr.ToString()); Assert.AreEqual("ptr32", instr.op2.Width.ToString()); }
//[Test] public void ThumbRw_regression() { var code = ThumbBlock .Replace("\r\n", "\n") .Split('\n') .Select(s => s.Trim()) .Where(s => !string.IsNullOrEmpty(s)) .SelectMany(s => { var ss = s.Split(':')[1] .Trim() .Remove(9) .Replace(" ", ""); return ss.Length == 8 ? new[] { ss.Substring(0, 4), ss.Substring(4, 4) } : new[] { ss.Substring(0, 4) }; }) .Select(s => Convert.ToUInt16(s, 16)) .SelectMany(s => new byte[] { (byte) s, (byte) (s >> 8) }) .ToArray(); var image = new LoadedImage(Address.Ptr32(0x00401000), code); var rw = new ThumbRewriter(arch, image.CreateLeReader(0), new ArmProcessorState(arch), arch.CreateFrame(), new FakeRewriterHost()); { foreach (var rtc in rw) { Console.WriteLine(rtc.Address); foreach (var rtl in rtc.Instructions) { Console.WriteLine(" {0}", rtl); } } } }