/// <summary>Invoke the native Capstone exported function that will open /// a disassembler for the given pair of architecture and mode.</summary> /// <param name="architecture">Target architecture</param> /// <param name="mode">Target mode</param> /// <returns>The native handle that is to be wrapped by our super class /// safe handle.</returns> /// <remarks>This method is for use by the constructor exclusively.</remarks> private static IntPtr CreateNativeAssembler(DisassembleArchitecture architecture, DisassembleMode mode) { IntPtr native; CapstoneImport.Open(architecture, mode, out native).ThrowOnCapstoneError(); return(native); }
/// <summary>Create a Disassembler.</summary> /// <param name="architecture">The disassembler's architecture.</param> /// <param name="mode">The disassembler's mode.</param> protected CapstoneDisassembler(DisassembleArchitecture architecture, DisassembleMode mode) : base(CreateNativeAssembler(architecture, mode)) { this.Architecture = architecture; this._mode = mode; this.EnableDetails = false; this.Syntax = DisassembleSyntaxOptionValue.Default; return; }
/// <summary> /// Create a Disassembler. /// </summary> /// <param name="architecture"> /// The disassembler's architecture. /// </param> /// <param name="mode"> /// The disassembler's mode. /// </param> protected CapstoneDisassembler(DisassembleArchitecture architecture, DisassembleMode mode) { this._architecture = architecture; this._mode = mode; this._handle = NativeCapstone.Create(this._architecture, this._mode); this.EnableDetails = false; this.Syntax = DisassembleSyntaxOptionValue.Default; }
/// <summary> /// Set Disassemble Mode Option. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <param name="mode"> /// A disassemble mode. /// </param> /// <exception cref="System.InvalidOperationException"> /// Thrown if the disassemble mode option could not be set. /// </exception> public static void SetDisassembleModeOption(SafeCapstoneHandle handle, DisassembleMode mode) { var pHandle = handle.DangerousGetHandle(); const int iOption = (int)DisassembleOptionType.Mode; // Set Disassemble Option. // // ... var resultCode = CapstoneImport.SetOption(pHandle, iOption, (IntPtr)mode); if (resultCode != (int)DisassembleErrorCode.Ok) { throw new InvalidOperationException("Unable to set disassemble mode option."); } }
/// <summary> /// Create a Capstone Disassembler. /// </summary> /// <param name="architecture"> /// The disassemble architecture. /// </param> /// <param name="mode"> /// The disassemble mode. /// </param> /// <returns> /// A Capstone handle. /// </returns> /// <exception cref="System.InvalidOperationException"> /// Thrown if a Capstone disassembler could not be created. /// </exception> public static SafeCapstoneHandle Create(DisassembleArchitecture architecture, DisassembleMode mode) { var iArchitecture = (int) architecture; var iMode = (int) mode; var pHandle = IntPtr.Zero; // Open Capstone Handle. // // ... var resultCode = CapstoneImport.Open(iArchitecture, iMode, ref pHandle); if (resultCode != (int) DisassembleErrorCode.Ok) { throw new InvalidOperationException("Unable to create a Capstone disassembler."); } var handle = new SafeCapstoneHandle(pHandle); return handle; }
static void Disassembly(string[] data, DisassembleMode mode) { switch (mode) { case DisassembleMode.NormalEvent: NormalEventProcess(data); break; case DisassembleMode.SpecialEvent: SpecialEventProcess(data); break; case DisassembleMode.FreeEvent: FreeEventProcess(data); break; default: break; } }
/// <summary> /// Create an X86 Disassembler. /// </summary> /// <param name="mode"> /// The disassembler's mode. /// </param> /// <returns> /// A capstone disassembler. /// </returns> public static CapstoneDisassembler <X86Instruction, X86Register, X86InstructionGroup, X86InstructionDetail> CreateX86Disassembler(DisassembleMode mode) { var @object = new CapstoneX86Disassembler(mode); return(@object); }
internal static void ShowArm(DisassembleMode mode) { using (CapstoneArmDisassembler disassembler = new CapstoneArmDisassembler(mode)) { disassembler.EnableDetails = true; disassembler.Syntax = DisassembleSyntaxOptionValue.Intel; byte[] code = new byte[0]; switch (mode) { case DisassembleMode.Arm32: code = new byte[] {0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00}; break; case (int)DisassembleMode.Arm32 + DisassembleMode.ArmV8: code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 }; break; case DisassembleMode.ArmThumb: code = new byte[] {0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84}; break; case (int) DisassembleMode.ArmThumb + DisassembleMode.ArmCortexM: code = new byte[] {0xef, 0xf3, 0x02, 0x80}; break; } var instructions = disassembler.Disassemble(code); string hexCode = BitConverter.ToString(code).Replace("-", " "); Console.WriteLine(hexCode); Console.WriteLine(); foreach (var instruction in instructions) { Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand); Console.WriteLine("\t Id = {0}", instruction.Id); if (instruction.ArchitectureDetail != null) { Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag); Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode); Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition); Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters); Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier); Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length); foreach (ArmInstructionOperand operand in instruction.ArchitectureDetail.Operands) { string operandValue = null; switch (operand.Type) { case ArmInstructionOperandType.CImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.FloatingPoint: operandValue = operand.FloatingPointValue.Value.ToString(); break; case ArmInstructionOperandType.Immediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.PImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.Memory: operandValue = "-->"; break; case ArmInstructionOperandType.Register: operandValue = operand.RegisterValue.Value.ToString(); break; case ArmInstructionOperandType.SetEnd: operandValue = operand.SetEndValue.Value.ToString(); break; case ArmInstructionOperandType.SysRegister: operandValue = operand.SysRegisterValue.Value.ToString(); break; } Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue); if (operand.Type == ArmInstructionOperandType.Memory) { Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister); Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement); Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister); Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale); Console.WriteLine(); } Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted); Console.WriteLine("\t\t\t Shifter = -->"); Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type); Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value); Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex); } Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags); Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType); Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize); Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack); } Console.WriteLine(); } } }
/// <summary> /// Create a Capstone Disassembler. /// </summary> /// <param name="architecture"> /// The disassemble architecture. /// </param> /// <param name="mode"> /// The disassemble mode. /// </param> /// <returns> /// A Capstone handle. /// </returns> /// <exception cref="System.InvalidOperationException"> /// Thrown if a Capstone disassembler could not be created. /// </exception> public static SafeCapstoneHandle Create(DisassembleArchitecture architecture, DisassembleMode mode) { var iArchitecture = (int)architecture; var iMode = (int)mode; var pHandle = IntPtr.Zero; // Open Capstone Handle. // // ... var resultCode = CapstoneImport.Open(iArchitecture, iMode, ref pHandle); if (resultCode != (int)DisassembleErrorCode.Ok) { throw new InvalidOperationException("Unable to create a Capstone disassembler."); } var handle = new SafeCapstoneHandle((UIntPtr)(ulong)(long)pHandle); return(handle); }
/// <summary> /// Create a ARM64 Disassembler. /// </summary> /// <param name="mode"> /// The disassembler's mode. /// </param> /// <returns> /// A capstone disassembler. /// </returns> public static CapstoneDisassembler <Arm64Instruction, Arm64Register, Arm64InstructionGroup, Arm64InstructionDetail> CreateArm64Disassembler(DisassembleMode mode) { var @object = new CapstoneArm64Disassembler(mode); return(@object); }
internal static void ShowArm(DisassembleMode mode) { // Create ARM Disassembler. // // Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically // when it is no longer needed. using (var disassembler = CapstoneDisassembler.CreateArmDisassembler(mode)) { // Enable Disassemble Details. // // Enables disassemble details, which are disabled by default, to provide more detailed information on // disassembled binary code. disassembler.EnableDetails = true; // Set Disassembler's Syntax. // // Make the disassembler generate instructions in Intel syntax. disassembler.Syntax = DisassembleSyntaxOptionValue.Intel; var code = new byte[0]; switch (mode) { case DisassembleMode.Arm32: code = new byte[] { 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00 }; break; case (int)DisassembleMode.Arm32 + DisassembleMode.ArmV8: code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 }; break; case DisassembleMode.ArmThumb: code = new byte[] { 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84 }; break; case DisassembleMode.ArmThumbArmCortexM: code = new byte[] { 0xef, 0xf3, 0x02, 0x80 }; break; } // Disassemble All Binary Code. // // ... var instructions = disassembler.DisassembleAll(code); var hexCode = BitConverter.ToString(code).Replace("-", " "); Console.WriteLine(hexCode); Console.WriteLine(); // Loop Through Each Disassembled Instruction. // ... foreach (var instruction in instructions) { Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand); Console.WriteLine("\t Id = {0}", instruction.Id); if (instruction.ArchitectureDetail != null) { Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag); Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode); Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition); Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters); Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier); Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length); // Loop Through Each Instruction's Operands. // // ... foreach (var operand in instruction.ArchitectureDetail.Operands) { string operandValue = null; switch (operand.Type) { case ArmInstructionOperandType.CImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.FloatingPoint: operandValue = operand.FloatingPointValue.Value.ToString(); break; case ArmInstructionOperandType.Immediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.PImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.Memory: operandValue = "-->"; break; case ArmInstructionOperandType.Register: operandValue = operand.RegisterValue.Value.ToString(); break; case ArmInstructionOperandType.SetEnd: operandValue = operand.SetEndValue.Value.ToString(); break; case ArmInstructionOperandType.SysRegister: operandValue = operand.SysRegisterValue.Value.ToString(); break; } Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue); // Handle Memory Operand. // // ... if (operand.Type == ArmInstructionOperandType.Memory) { Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister); Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement); Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister); Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale); Console.WriteLine(); } Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted); Console.WriteLine("\t\t\t Shifter = -->"); Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type); Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value); Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex); } Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags); Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType); Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize); Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack); } Console.WriteLine(); } } }
/// <summary>Create a Capstone ARM Disassembler.</summary> /// <param name="mode">The disassembler's mode.</param> public CapstoneArmDisassembler(DisassembleMode mode) : base(DisassembleArchitecture.Arm, mode) { return; }
/// <summary> /// Create a Capstone ARM Disassembler. /// </summary> /// <param name="mode"> /// The disassembler's mode. /// </param> internal CapstoneArmDisassembler(DisassembleMode mode) : base(DisassembleArchitecture.Arm, mode) { }
////////////////////////////////////////////// Disassembler ////////////////////////////////////////////// public static String DisassembleLine(byte[] source, uint index, uint address, DisassembleMode disassembleMode, out int length) { StringBuilder disassembledString = new StringBuilder(256); length = NativeMethods.DisassembleInstruction(source, source.Length, index, address, disassembleMode, disassembledString); return disassembledString.ToString().Trim(); }
/// <summary> /// Set Disassemble Mode Option. /// </summary> /// <param name="handle"> /// A Capstone handle. Should not be a null reference. /// </param> /// <param name="mode"> /// A disassemble mode. /// </param> /// <exception cref="System.InvalidOperationException"> /// Thrown if the disassemble mode option could not be set. /// </exception> public static void SetDisassembleModeOption(SafeCapstoneHandle handle, DisassembleMode mode) { var pHandle = handle.DangerousGetHandle(); const int iOption = (int) DisassembleOptionType.Mode; // Set Disassemble Option. // // ... var resultCode = CapstoneImport.SetOption(pHandle, iOption, (IntPtr) mode); if (resultCode != (int) DisassembleErrorCode.Ok) { throw new InvalidOperationException("Unable to set disassemble mode option."); } }
internal static extern CapstoneErrorCode Open( [In] DisassembleArchitecture architecture, [In] DisassembleMode mode, [Out] out IntPtr handle);
internal static void ShowArm(DisassembleMode mode) { using (CapstoneArmDisassembler disassembler = new CapstoneArmDisassembler(mode)) { disassembler.EnableDetails = true; disassembler.Syntax = DisassembleSyntaxOptionValue.Intel; byte[] code = new byte[0]; switch (mode) { case DisassembleMode.Arm32: code = new byte[] { 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00 }; break; case (int)DisassembleMode.Arm32 + DisassembleMode.ArmV8: code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 }; break; case DisassembleMode.ArmThumb: code = new byte[] { 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84 }; break; case (int)DisassembleMode.ArmThumb + DisassembleMode.ArmCortexM: code = new byte[] { 0xef, 0xf3, 0x02, 0x80 }; break; } var instructions = disassembler.Disassemble(code); string hexCode = BitConverter.ToString(code).Replace("-", " "); Console.WriteLine(hexCode); Console.WriteLine(); foreach (var instruction in instructions) { Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand); Console.WriteLine("\t Id = {0}", instruction.Id); if (instruction.ArchitectureDetail != null) { Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag); Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode); Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition); Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters); Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier); Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length); foreach (ArmInstructionOperand operand in instruction.ArchitectureDetail.Operands) { string operandValue = null; switch (operand.Type) { case ArmInstructionOperandType.CImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.FloatingPoint: operandValue = operand.FloatingPointValue.Value.ToString(); break; case ArmInstructionOperandType.Immediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.PImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.Memory: operandValue = "-->"; break; case ArmInstructionOperandType.Register: operandValue = operand.RegisterValue.Value.ToString(); break; case ArmInstructionOperandType.SetEnd: operandValue = operand.SetEndValue.Value.ToString(); break; case ArmInstructionOperandType.SysRegister: operandValue = operand.SysRegisterValue.Value.ToString(); break; } Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue); if (operand.Type == ArmInstructionOperandType.Memory) { Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister); Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement); Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister); Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale); Console.WriteLine(); } Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted); Console.WriteLine("\t\t\t Shifter = -->"); Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type); Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value); Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex); } Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags); Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType); Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize); Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack); } Console.WriteLine(); } } }
/// <summary> /// Create a Capstone X86 Disassembler. /// </summary> /// <param name="mode"> /// The disassembler's mode. /// </param> internal CapstoneX86Disassembler(DisassembleMode mode) : base(DisassembleArchitecture.X86, mode) { }
/// <summary>Create a Capstone X86 Disassembler.</summary> /// <param name="mode">The disassembler's mode.</param> public CapstoneX86Disassembler(DisassembleMode mode) : base(DisassembleArchitecture.X86, mode) { return; }
public void SetDisassembleMode(DisassembleMode mode) { dasmMode = mode; }
internal static void ShowArm(DisassembleMode mode) { // Create ARM Disassembler. // // Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically // when it is no longer needed. using (var disassembler = CapstoneDisassembler.CreateArmDisassembler(mode)) { // Enable Disassemble Details. // // Enables disassemble details, which are disabled by default, to provide more detailed information on // disassembled binary code. disassembler.EnableDetails = true; // Set Disassembler's Syntax. // // Make the disassembler generate instructions in Intel syntax. disassembler.Syntax = DisassembleSyntaxOptionValue.Intel; var code = new byte[0]; switch (mode) { case DisassembleMode.Arm32: code = new byte[] { 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00 }; break; case (int) DisassembleMode.Arm32 + DisassembleMode.ArmV8: code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 }; break; case DisassembleMode.ArmThumb: code = new byte[] { 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84 }; break; case DisassembleMode.ArmThumbArmCortexM: code = new byte[] { 0xef, 0xf3, 0x02, 0x80 }; break; } // Disassemble All Binary Code. // // ... var instructions = disassembler.DisassembleAll(code); var hexCode = BitConverter.ToString(code).Replace("-", " "); Console.WriteLine(hexCode); Console.WriteLine(); // Loop Through Each Disassembled Instruction. // ... foreach (var instruction in instructions) { Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand); Console.WriteLine("\t Id = {0}", instruction.Id); if (instruction.ArchitectureDetail != null) { Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag); Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode); Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition); Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters); Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier); Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length); // Loop Through Each Instruction's Operands. // // ... foreach (var operand in instruction.ArchitectureDetail.Operands) { string operandValue = null; switch (operand.Type) { case ArmInstructionOperandType.CImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.FloatingPoint: operandValue = operand.FloatingPointValue.Value.ToString(); break; case ArmInstructionOperandType.Immediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.PImmediate: operandValue = operand.ImmediateValue.Value.ToString("X"); break; case ArmInstructionOperandType.Memory: operandValue = "-->"; break; case ArmInstructionOperandType.Register: operandValue = operand.RegisterValue.Value.ToString(); break; case ArmInstructionOperandType.SetEnd: operandValue = operand.SetEndValue.Value.ToString(); break; case ArmInstructionOperandType.SysRegister: operandValue = operand.SysRegisterValue.Value.ToString(); break; } Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue); // Handle Memory Operand. // // ... if (operand.Type == ArmInstructionOperandType.Memory) { Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister); Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement); Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister); Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale); Console.WriteLine(); } Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted); Console.WriteLine("\t\t\t Shifter = -->"); Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type); Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value); Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex); } Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags); Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType); Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize); Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack); } Console.WriteLine(); } } }