Exemplo n.º 1
        private static int CalcAsmLength(Assembler asm)
            var stream = new MemoryStream();

            asm.Assemble(new StreamCodeWriter(stream), 0);

            // Disassemble the result
            stream.Position = 0;
            var reader  = new StreamCodeReader(stream);
            var decoder = Decoder.Create(64, reader);

            return(decoder.Select(i => i.Length).Sum());
Exemplo n.º 2
        public RealModeMemoryCore(ushort heapBaseSegment, ILogger logger) : base(logger)
            _heapBaseSegment = heapBaseSegment;

            _codeReader = new(_memory);
            _decoder    = Decoder.Create(16, _codeReader);

            // fill with halt instructions
            Array.Fill(_memory, (byte)0);

            // set alignment to 16 so that all allocations return a clean segment (which are 16 bytes)
            _memoryAllocator = new MemoryAllocator(logger, new FarPtr(_heapBaseSegment, 0), HEAP_MAX_SIZE, alignment: 16);
Exemplo n.º 3
        void Decode_enumerator_empty()
            var data    = Array.Empty <byte>();
            var decoder = Decoder.Create(64, data);
            var list    = EnumeratorDecode(decoder);

            Assert.Equal(0, list.Count);

            decoder = Decoder.Create(64, data);
            var array = decoder.ToArray();

            Assert.Equal(list, array);
Exemplo n.º 4
        Decoder CreateDecoder(int bitness, byte[] hexBytes, DecoderOptions options)
            var codeReader = new ByteArrayCodeReader(hexBytes);
            var decoder    = Decoder.Create(bitness, codeReader, options);

            decoder.IP = bitness switch {
                16 => DecoderConstants.DEFAULT_IP16,
                32 => DecoderConstants.DEFAULT_IP32,
                64 => DecoderConstants.DEFAULT_IP64,
                _ => throw new ArgumentOutOfRangeException(nameof(bitness)),
            Assert.Equal(bitness, decoder.Bitness);
Exemplo n.º 5
        void Decode_enumerator_one()
            var data    = new byte[] { 0x00, 0xCE };
            var decoder = Decoder.Create(64, data);
            var list    = EnumeratorDecode(decoder);

            Assert.Equal(1, list.Count);
            Assert.Equal(Code.Add_rm8_r8, list[0].Code);

            decoder = Decoder.Create(64, data);
            var array = decoder.ToArray();

            Assert.Equal(list, array);
Exemplo n.º 6
        void Test_Decoder_Create_throws()
            foreach (var bitness in BitnessUtils.GetInvalidBitnessValues())
                Assert.Throws <ArgumentOutOfRangeException>(() => Decoder.Create(bitness, new ByteArrayCodeReader("90"), DecoderOptions.None));
                Assert.Throws <ArgumentOutOfRangeException>(() => Decoder.Create(bitness, new byte[] { 0x90 }, DecoderOptions.None));

            foreach (var bitness in new[] { 16, 32, 64 })
                Assert.Throws <ArgumentNullException>(() => Decoder.Create(bitness, (CodeReader)null, DecoderOptions.None));
                Assert.Throws <ArgumentNullException>(() => Decoder.Create(bitness, (byte[])null, DecoderOptions.None));
Exemplo n.º 7
        void Decode_enumerator_incomplete_instruction_one()
            var data    = new byte[] { 0x66 };
            var decoder = Decoder.Create(64, data);
            var list    = EnumeratorDecode(decoder);

            Assert.Equal(1, list.Count);
            Assert.Equal(Code.INVALID, list[0].Code);

            decoder = Decoder.Create(64, data);
            var array = decoder.ToArray();

            Assert.Equal(list, array);
Exemplo n.º 8
        public unsafe static InstructionList AssembleToList(this Assembler Assembler, ulong RIP)
            var CWBuffer = new MemoryCodeWriter();

            Assembler.Assemble(CWBuffer, RIP);
            var Buffer = CWBuffer.ToArray();

            fixed(void *pBuffer = &Buffer[0])
                using (var Reader = new MemoryCodeReader(pBuffer, (uint)Buffer.Length)) {
                    var AsmDecoder = Decoder.Create(Assembler.Bitness, Reader);
Exemplo n.º 9
        void Decode_enumerator_incomplete_instruction_two()
            var data    = new byte[] { 0x00, 0xCE, 0x66, 0x09 };
            var decoder = Decoder.Create(64, data);
            var list    = EnumeratorDecode(decoder);

            Assert.Equal(2, list.Count);
            Assert.Equal(Code.Add_rm8_r8, list[0].Code);
            Assert.Equal(Code.INVALID, list[1].Code);

            decoder = Decoder.Create(64, data);
            var array = decoder.ToArray();

            Assert.Equal(list, array);
Exemplo n.º 10
        void Encode_MOV_CR8_in_64bit_mode_does_not_add_LOCK(string hexBytes, Code code, string encodedBytes)
            var decoder = Decoder.Create(64, new ByteArrayCodeReader(hexBytes));

            decoder.Decode(out var instr);
            Assert.Equal(code, instr.Code);
            var writer  = new CodeWriterImpl();
            var encoder = decoder.CreateEncoder(writer);

            encoder.Encode(ref instr, 0);
            var expectedBytes = HexUtils.ToByteArray(encodedBytes);
            var actualBytes   = writer.ToArray();

            Assert.Equal(expectedBytes, actualBytes);
Exemplo n.º 11
        internal static unsafe Decoder DecoderForAddress(IntPtr codeStart, int lengthLimit = 1000)
            if (codeStart == IntPtr.Zero)
                throw new NullReferenceException(nameof(codeStart));

            var stream     = new UnmanagedMemoryStream((byte *)codeStart, lengthLimit, lengthLimit, FileAccess.Read);
            var codeReader = new StreamCodeReader(stream);
            var decoder    = Decoder.Create(IntPtr.Size * 8, codeReader);

            decoder.IP = (ulong)codeStart;

Exemplo n.º 12
 void Decode_with_too_few_bytes_left()
     foreach (var tc in DecoderTestUtils.GetDecoderTests(includeOtherTests: true, includeInvalid: false))
         var bytes = HexUtils.ToByteArray(tc.HexBytes);
         for (int i = 0; i + 1 < bytes.Length; i++)
             var decoder = Decoder.Create(tc.Bitness, new ByteArrayCodeReader(bytes, 0, i), tc.Options);
             decoder.IP = 0x1000;
             decoder.Decode(out var instr);
             Assert.Equal(0x1000UL + (ulong)i, decoder.IP);
             Assert.Equal(Code.INVALID, instr.Code);
             Assert.Equal(DecoderError.NoMoreBytes, decoder.LastError);
Exemplo n.º 13
        protected void CreateCodeSegment(ReadOnlySpan <byte> byteCode, ushort segmentOrdinal = 1)
            //Decode the Segment
            var instructionList = new InstructionList();
            var codeReader      = new ByteArrayCodeReader(byteCode.ToArray());
            var decoder         = Decoder.Create(16, codeReader);

            decoder.IP = 0x0;

            while (decoder.IP < (ulong)byteCode.Length)
                decoder.Decode(out instructionList.AllocUninitializedElement());

            mbbsEmuMemoryCore.AddSegment(segmentOrdinal, instructionList);
Exemplo n.º 14
        private static void CreateCodeSegment(ReadOnlySpan <byte> byteCode, ushort segmentOrdinal = 1)
            //Decode the Segment
            var instructionList = new InstructionList();
            var codeReader      = new ByteArrayCodeReader(byteCode.ToArray());
            var decoder         = Decoder.Create(16, codeReader);

            decoder.IP = 0x0;

            while (decoder.IP < (ulong)byteCode.Length)
                decoder.Decode(out instructionList.AllocUninitializedElement());

            CreateCodeSegment(instructionList, segmentOrdinal);
Exemplo n.º 15
        private InstructionList DisassembleMethodInstructions(long methodOffset)
            const int NativeBitness   = 64;
            const int MaxMethodLength = 0xFFFF;

            var codeReader = new ByteArrayCodeReader(NativeDllCode, (int)methodOffset, (int)Math.Min(MaxMethodLength, NativeDllCode.Length - methodOffset));
            var decoder    = Decoder.Create(NativeBitness, codeReader);

            decoder.InstructionPointer = 0;
            ulong endRip = decoder.InstructionPointer + MaxMethodLength;

            var instructions = new InstructionList();
            int int3count    = 0;

            while (decoder.InstructionPointer < endRip)
                if (decoder.InstructionPointer > 0)
                    long currentOffset = methodOffset + (long)decoder.InstructionPointer;
                    if (Offsets.MethodsFromOffsets.ContainsKey(currentOffset))
                decoder.Decode(out Instruction instruction);
                if (instruction.Code == Code.INVALID)
                else if (instruction.Code == Code.Int3)
                    if (int3count >= 2)
                    int3count = 0;

Exemplo n.º 16
        /// <summary>
        /// Returns a set of instructions represented by the prologue this type was instantiated with.
        /// </summary>
        private IList <Instruction> DecodePrologue()
            var codeReader = new ByteArrayCodeReader(_bytes);
            var decoder    = Decoder.Create(_bitness, codeReader);

            decoder.IP = _originalFunctionAddress;
            ulong endRip = decoder.IP + (uint)_bytes.Length;

            var instructions = new InstructionList();

            while (decoder.IP < endRip)
                decoder.Decode(out instructions.AllocUninitializedElement());

Exemplo n.º 17
        void Prevent_VEX2_encoding(string hexBytes, string expectedBytes, Code code, bool preventVEX2)
            var decoder = Decoder.Create(64, new ByteArrayCodeReader(hexBytes));

            decoder.IP = DecoderConstants.DEFAULT_IP64;
            decoder.Decode(out var instr);
            Assert.Equal(code, instr.Code);
            var codeWriter = new CodeWriterImpl();
            var encoder    = decoder.CreateEncoder(codeWriter);

            encoder.PreventVEX2 = preventVEX2;
            encoder.Encode(ref instr, DecoderConstants.DEFAULT_IP64);
            var encodedBytes       = codeWriter.ToArray();
            var expectedBytesArray = HexUtils.ToByteArray(expectedBytes);

            Assert.Equal(expectedBytesArray, encodedBytes);
Exemplo n.º 18
        internal static Instruction[] Decode(int bitness, ulong rip, byte[] data, DecoderOptions options)
            var decoder = Decoder.Create(bitness, new ByteArrayCodeReader(data), options);

            decoder.IP = rip;
            var list = new List <Instruction>();

            while ((decoder.IP - rip) < (uint)data.Length)
            if (decoder.IP - rip != (uint)data.Length)
                throw new InvalidOperationException();
Exemplo n.º 19
        void FormatMnemonicOptions(string hexBytes, Code code, int bitness, string formattedString, FormatMnemonicOptions options)
            var decoder = Decoder.Create(bitness, new ByteArrayCodeReader(hexBytes));

            decoder.Decode(out var instruction);
            Assert.Equal(code, instruction.Code);
            var formatter = FormatterFactory.Create();
            var output    = new StringOutput();

            formatter.FormatMnemonic(instruction, output, options);
            var actualFormattedString = output.ToStringAndReset();

#pragma warning disable xUnit2006 // Do not use invalid string equality check
            // Show the full string without ellipses by using Equal<string>() instead of Equal()
            Assert.Equal <string>(formattedString, actualFormattedString);
#pragma warning restore xUnit2006 // Do not use invalid string equality check
Exemplo n.º 20
        public static void Main(string[] args)
            var code   = File.ReadAllBytes(args[0]);
            var reader = new ByteArrayCodeReader(code);

            var decoder = Decoder.Create(64, reader);

            decoder.InstructionPointer = 0x00007FFAC46ACDA4;

            var end          = decoder.InstructionPointer + (uint)code.Length;
            var instructions = new InstructionList();

            while (decoder.InstructionPointer < end)
                decoder.Decode(out instructions.AllocUninitializedElement());
Exemplo n.º 21
        void DisplInBrackets(string hexBytes, int bitness, string formattedString, Flags flags)
            var decoder = Decoder.Create(bitness, new ByteArrayCodeReader(hexBytes));

            switch (bitness)
            case 16: decoder.IP = DecoderConstants.DEFAULT_IP16; break;

            case 32: decoder.IP = DecoderConstants.DEFAULT_IP32; break;

            case 64: decoder.IP = DecoderConstants.DEFAULT_IP64; break;

            default: throw new InvalidOperationException();
            decoder.Decode(out var instr);

            var resolver = new TestSymbolResolver {
                tryGetSymbol = (in Instruction instruction, int operand, int instructionOperand, ulong address, int addressSize, out SymbolResult symbol) => {
                    if (instructionOperand == 1 && (flags & Flags.Symbol) != 0)
                        symbol = new SymbolResult(address, "symbol", FormatterOutputTextKind.Data, (flags & Flags.Signed) != 0 ? SymbolFlags.Signed : SymbolFlags.None);
                    symbol = default;
            var formatter = (MasmFormatter)MasmFormatterFactory.Create_Resolver(resolver).formatter;

            formatter.MasmOptions.SymbolDisplInBrackets = (flags & Flags.SymbolDisplInBrackets) != 0;
            formatter.MasmOptions.DisplInBrackets       = (flags & Flags.DisplInBrackets) != 0;
            formatter.MasmOptions.RipRelativeAddresses  = (flags & Flags.Rip) != 0;
            formatter.MasmOptions.ShowZeroDisplacements = (flags & Flags.ShowZeroDisplacements) != 0;
            formatter.MasmOptions.AddDsPrefix32         = (flags & Flags.NoAddDsPrefix32) == 0;

            var output = new StringBuilderFormatterOutput();

            formatter.Format(instr, output);
            var actualFormattedString = output.ToStringAndReset();

#pragma warning disable xUnit2006 // Do not use invalid string equality check
            // Show the full string without ellipses by using Equal<string>() instead of Equal()
            Assert.Equal <string>(formattedString, actualFormattedString);
#pragma warning restore xUnit2006 // Do not use invalid string equality check
Exemplo n.º 22
        void Decode_ctor_with_byte_array_arg()
            var decoder = Decoder.Create(16, new byte[] { 0x01, 0xCE }, DecoderOptions.None);

            Assert.Equal(16, decoder.Bitness);
            decoder.Decode(out var instr);
            Assert.Equal(Code.Add_rm16_r16, instr.Code);

            decoder = Decoder.Create(32, new byte[] { 0x01, 0xCE }, DecoderOptions.None);
            Assert.Equal(32, decoder.Bitness);
            decoder.Decode(out instr);
            Assert.Equal(Code.Add_rm32_r32, instr.Code);

            decoder = Decoder.Create(64, new byte[] { 0x48, 0x01, 0xCE }, DecoderOptions.None);
            Assert.Equal(64, decoder.Bitness);
            decoder.Decode(out instr);
            Assert.Equal(Code.Add_rm64_r64, instr.Code);
Exemplo n.º 23
        void Test_EVEX_WIG_LIG(string hexBytes, string expectedBytes, Code code, uint wig, uint lig)
            var decoder = Decoder.Create(64, new ByteArrayCodeReader(hexBytes));

            decoder.IP = DecoderConstants.DEFAULT_IP64;
            decoder.Decode(out var instruction);
            Assert.Equal(code, instruction.Code);
            var codeWriter = new CodeWriterImpl();
            var encoder    = Encoder.Create(decoder.Bitness, codeWriter);

            encoder.EVEX_WIG = wig;
            encoder.EVEX_LIG = lig;
            encoder.Encode(instruction, DecoderConstants.DEFAULT_IP64);
            var encodedBytes       = codeWriter.ToArray();
            var expectedBytesArray = HexUtils.ToByteArray(expectedBytes);

            Assert.Equal(expectedBytesArray, encodedBytes);
Exemplo n.º 24
        public override Sound LoadSound(Stream stream, AudioFormat format)
            using var decoder = Decoder.Create(stream, format);

            var sound = new ALSound();


Exemplo n.º 25
        void VATests(VirtualAddressTestCase tc)
            var decoder = Decoder.Create(tc.Bitness, new ByteArrayCodeReader(tc.HexBytes), tc.DecoderOptions);

            decoder.IP = tc.Bitness switch {
                16 => DecoderConstants.DEFAULT_IP16,
                32 => DecoderConstants.DEFAULT_IP32,
                64 => DecoderConstants.DEFAULT_IP64,
                _ => throw new InvalidOperationException(),
            var instruction     = decoder.Decode();
            var getRegValue     = new VARegisterValueProviderImpl(tc.RegisterValues);
            var getRegValueFail = new VARegisterValueProviderImpl(Array.Empty <(Register register, int elementIndex, int elementSize, ulong value)>());

            var factory = new InstructionInfoFactory();
            var info    = factory.GetInfo(instruction);
            var usedMem = info.GetUsedMemory().Skip(tc.UsedMemIndex).First();

            bool b1 = usedMem.TryGetVirtualAddress(tc.ElementIndex, getRegValue, out ulong value1);

            Assert.Equal(tc.ExpectedValue, value1);

            bool b2 = usedMem.TryGetVirtualAddress(tc.ElementIndex, out ulong value2,
                                                   (Register register, int elementIndex, int elementSize, out ulong value) =>
                                                   getRegValue.TryGetRegisterValue(register, elementIndex, elementSize, out value));

            Assert.Equal(tc.ExpectedValue, value2);

            ulong value3 = usedMem.GetVirtualAddress(tc.ElementIndex, getRegValue);

            Assert.Equal(tc.ExpectedValue, value3);

            ulong value4 = usedMem.GetVirtualAddress(tc.ElementIndex, (register, elementIndex2, elementSize) =>
                                                     getRegValue.GetRegisterValue(register, elementIndex2, elementSize));

            Assert.Equal(tc.ExpectedValue, value4);

            Assert.False(usedMem.TryGetVirtualAddress(tc.ElementIndex, out ulong value5, (Register register, int elementIndex, int elementSize, out ulong value) => { value = 0; return(false); }));
            Assert.Equal(0UL, value5);
            Assert.False(usedMem.TryGetVirtualAddress(tc.ElementIndex, getRegValueFail, out ulong value6));
            Assert.Equal(0UL, value6);
Exemplo n.º 26
        void Decode_multiple_instrs_with_one_instance()
            var reader16     = new DecodeMultipleCodeReader();
            var reader32     = new DecodeMultipleCodeReader();
            var reader64     = new DecodeMultipleCodeReader();
            var decoderAll16 = Decoder.Create16(reader16);
            var decoderAll32 = Decoder.Create32(reader32);
            var decoderAll64 = Decoder.Create64(reader64);

            foreach (var info in DecoderTestUtils.GetDecoderTests(needHexBytes: true, includeOtherTests: false))
                var     data    = HexUtils.ToByteArray(info.HexBytes);
                var     decoder = Decoder.Create(info.Bitness, new ByteArrayCodeReader(data));
                Decoder decoderAll;
                switch (info.Bitness)
                case 16:
                    decoder.InstructionPointer = DecoderConstants.DEFAULT_IP16;
                    decoderAll = decoderAll16;

                case 32:
                    decoder.InstructionPointer = DecoderConstants.DEFAULT_IP32;
                    decoderAll = decoderAll32;

                case 64:
                    decoder.InstructionPointer = DecoderConstants.DEFAULT_IP64;
                    decoderAll = decoderAll64;

                    throw new InvalidOperationException();
                decoderAll.InstructionPointer = decoder.InstructionPointer;
                var instr1 = decoder.Decode();
                var instr2 = decoderAll.Decode();
                Assert.Equal(info.Code, instr1.Code);
                Assert.True(Instruction.TEST_BitByBitEquals(ref instr1, ref instr2));
Exemplo n.º 27
        private protected void TestBase(int bitness, string hexBytes, int operand, int elementIndex, ulong expectedValue, VARegisterValueProviderImpl getRegValue)
            var decoder = Decoder.Create(bitness, new ByteArrayCodeReader(hexBytes));

            decoder.IP = bitness switch {
                16 => DecoderConstants.DEFAULT_IP16,
                32 => DecoderConstants.DEFAULT_IP32,
                64 => DecoderConstants.DEFAULT_IP64,
                _ => throw new InvalidOperationException(),
            var   instruction = decoder.Decode();
            ulong value1      = instruction.GetVirtualAddress(operand, elementIndex, getRegValue);

            Assert.Equal(expectedValue, value1);
            ulong value2 = instruction.GetVirtualAddress(operand, elementIndex, (register, elementIndex2, elementSize) =>
                                                         getRegValue.GetRegisterValue(register, elementIndex2, elementSize));

            Assert.Equal(expectedValue, value2);
Exemplo n.º 28
        void VATests(VirtualAddressTestCase tc)
            var decoder = Decoder.Create(tc.Bitness, new ByteArrayCodeReader(tc.HexBytes));

            decoder.IP = tc.Bitness switch {
                16 => DecoderConstants.DEFAULT_IP16,
                32 => DecoderConstants.DEFAULT_IP32,
                64 => DecoderConstants.DEFAULT_IP64,
                _ => throw new InvalidOperationException(),
            var   instruction = decoder.Decode();
            var   getRegValue = new VARegisterValueProviderImpl(tc.RegisterValues);
            ulong value1      = instruction.GetVirtualAddress(tc.Operand, tc.ElementIndex, getRegValue);

            Assert.Equal(tc.ExpectedValue, value1);
            ulong value2 = instruction.GetVirtualAddress(tc.Operand, tc.ElementIndex, (register, elementIndex2, elementSize) =>
                                                         getRegValue.GetRegisterValue(register, elementIndex2, elementSize));

            Assert.Equal(tc.ExpectedValue, value2);
Exemplo n.º 29
        /// <summary>
        /// Creates a new wrapper around a raw stream containing x86 code.
        /// </summary>
        /// <param name="architecture">The x86 architecture.</param>
        /// <param name="inputStream">The raw code stream.</param>
        /// <param name="bitness">The bitness of the x86 code. This value must be either 16, 32 or 64.</param>
        /// <param name="baseAddress">The base address of the code stream.</param>
        /// <param name="decoderOptions">Additional decoder options that need to be passed onto the Iced decoder.</param>
        public X86DecoderInstructionProvider(
            IInstructionSetArchitecture <Instruction> architecture,
            Stream inputStream,
            int bitness,
            ulong baseAddress,
            DecoderOptions decoderOptions)
            _inputStream = inputStream ?? throw new ArgumentNullException(nameof(inputStream));
            if (!inputStream.CanRead)
                throw new ArgumentException("Input stream must be readable.");
            if (!inputStream.CanSeek)
                throw new ArgumentException("Input stream must be seekable.");

            _decoder     = Decoder.Create(bitness, new StreamCodeReader(inputStream), decoderOptions);
            Architecture = architecture;
            BaseAddress  = baseAddress;
Exemplo n.º 30
        // TODO: Extract all AMD64-related logics to other helper class

        public static unsafe void HijackManagedMethod(MethodInfo target, MethodInfo hook, HijackContextBase context)
            // Make sure method is jitted already.

            Byte *pTargetMethod = (Byte *)target.MethodHandle.GetFunctionPointer();

            // TODO: make allocation free way to allocate decoder.
            Decoder d = Decoder.Create(64, new BytePtrCodeReader(pTargetMethod));

            Instruction inst = d.Decode();

            switch (inst.Code)
            case Code.Jmp_rel32_64:
                pTargetMethod += inst.Immediate32to64;

            HijackUnmanagedMethod(pTargetMethod, hook, context);