Пример #1
0
        /// <summary>Invoke the native Capstone exported function that will open
        /// a disassembler for the given pair of architecture and mode.</summary>
        /// <param name="architecture">Target architecture</param>
        /// <param name="mode">Target mode</param>
        /// <returns>The native handle that is to be wrapped by our super class
        /// safe handle.</returns>
        /// <remarks>This method is for use by the constructor exclusively.</remarks>
        private static IntPtr CreateNativeAssembler(DisassembleArchitecture architecture,
                                                    DisassembleMode mode)
        {
            IntPtr native;

            CapstoneImport.Open(architecture, mode, out native).ThrowOnCapstoneError();
            return(native);
        }
Пример #2
0
 /// <summary>Create a Disassembler.</summary>
 /// <param name="architecture">The disassembler's architecture.</param>
 /// <param name="mode">The disassembler's mode.</param>
 protected CapstoneDisassembler(DisassembleArchitecture architecture, DisassembleMode mode)
     : base(CreateNativeAssembler(architecture, mode))
 {
     this.Architecture  = architecture;
     this._mode         = mode;
     this.EnableDetails = false;
     this.Syntax        = DisassembleSyntaxOptionValue.Default;
     return;
 }
        /// <summary>
        ///     Create a Disassembler.
        /// </summary>
        /// <param name="architecture">
        ///     The disassembler's architecture.
        /// </param>
        /// <param name="mode">
        ///     The disassembler's mode.
        /// </param>
        protected CapstoneDisassembler(DisassembleArchitecture architecture, DisassembleMode mode)
        {
            this._architecture = architecture;
            this._mode         = mode;

            this._handle       = NativeCapstone.Create(this._architecture, this._mode);
            this.EnableDetails = false;
            this.Syntax        = DisassembleSyntaxOptionValue.Default;
        }
Пример #4
0
        /// <summary>
        ///     Set Disassemble Mode Option.
        /// </summary>
        /// <param name="handle">
        ///     A Capstone handle. Should not be a null reference.
        /// </param>
        /// <param name="mode">
        ///     A disassemble mode.
        /// </param>
        /// <exception cref="System.InvalidOperationException">
        ///     Thrown if the disassemble mode option could not be set.
        /// </exception>
        public static void SetDisassembleModeOption(SafeCapstoneHandle handle, DisassembleMode mode)
        {
            var       pHandle = handle.DangerousGetHandle();
            const int iOption = (int)DisassembleOptionType.Mode;

            // Set Disassemble Option.
            //
            // ...
            var resultCode = CapstoneImport.SetOption(pHandle, iOption, (IntPtr)mode);

            if (resultCode != (int)DisassembleErrorCode.Ok)
            {
                throw new InvalidOperationException("Unable to set disassemble mode option.");
            }
        }
Пример #5
0
        /// <summary>
        ///     Create a Capstone Disassembler.
        /// </summary>
        /// <param name="architecture">
        ///     The disassemble architecture.
        /// </param>
        /// <param name="mode">
        ///     The disassemble mode.
        /// </param>
        /// <returns>
        ///     A Capstone handle.
        /// </returns>
        /// <exception cref="System.InvalidOperationException">
        ///     Thrown if a Capstone disassembler could not be created.
        /// </exception>
        public static SafeCapstoneHandle Create(DisassembleArchitecture architecture, DisassembleMode mode) {
            var iArchitecture = (int) architecture;
            var iMode = (int) mode;
            var pHandle = IntPtr.Zero;

            // Open Capstone Handle.
            //
            // ...
            var resultCode = CapstoneImport.Open(iArchitecture, iMode, ref pHandle);
            if (resultCode != (int) DisassembleErrorCode.Ok) {
                throw new InvalidOperationException("Unable to create a Capstone disassembler.");
            }

            var handle = new SafeCapstoneHandle(pHandle);
            return handle;
        }
Пример #6
0
        static void Disassembly(string[] data, DisassembleMode mode)
        {
            switch (mode)
            {
            case DisassembleMode.NormalEvent:
                NormalEventProcess(data);
                break;

            case DisassembleMode.SpecialEvent:
                SpecialEventProcess(data);
                break;

            case DisassembleMode.FreeEvent:
                FreeEventProcess(data);
                break;

            default:
                break;
            }
        }
        /// <summary>
        ///     Create an X86 Disassembler.
        /// </summary>
        /// <param name="mode">
        ///     The disassembler's mode.
        /// </param>
        /// <returns>
        ///     A capstone disassembler.
        /// </returns>
        public static CapstoneDisassembler <X86Instruction, X86Register, X86InstructionGroup, X86InstructionDetail> CreateX86Disassembler(DisassembleMode mode)
        {
            var @object = new CapstoneX86Disassembler(mode);

            return(@object);
        }
Пример #8
0
        internal static void ShowArm(DisassembleMode mode)
        {
            using (CapstoneArmDisassembler disassembler = new CapstoneArmDisassembler(mode)) {
                disassembler.EnableDetails = true;
                disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;
                byte[] code = new byte[0];
                switch (mode) {
                    case DisassembleMode.Arm32:
                        code = new byte[] {0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00};
                        break;
                    case (int)DisassembleMode.Arm32 + DisassembleMode.ArmV8:
                        code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 };
                        break;
                    case DisassembleMode.ArmThumb:
                        code = new byte[] {0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84};
                        break;
                    case (int) DisassembleMode.ArmThumb + DisassembleMode.ArmCortexM:
                        code = new byte[] {0xef, 0xf3, 0x02, 0x80};
                        break;
                }

                var instructions = disassembler.Disassemble(code);
                string hexCode = BitConverter.ToString(code).Replace("-", " ");
                Console.WriteLine(hexCode);
                Console.WriteLine();

                foreach (var instruction in instructions) {
                    Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
                    Console.WriteLine("\t Id = {0}", instruction.Id);

                    if (instruction.ArchitectureDetail != null) {
                        Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag);
                        Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode);
                        Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
                        Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters);
                        Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier);
                        Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);

                        foreach (ArmInstructionOperand operand in instruction.ArchitectureDetail.Operands) {
                            string operandValue = null;
                            switch (operand.Type) {
                                case ArmInstructionOperandType.CImmediate:
                                    operandValue = operand.ImmediateValue.Value.ToString("X");
                                    break;
                                case ArmInstructionOperandType.FloatingPoint:
                                    operandValue = operand.FloatingPointValue.Value.ToString();
                                    break;
                                case ArmInstructionOperandType.Immediate:
                                    operandValue = operand.ImmediateValue.Value.ToString("X");
                                    break;
                                case ArmInstructionOperandType.PImmediate:
                                    operandValue = operand.ImmediateValue.Value.ToString("X");
                                    break;
                                case ArmInstructionOperandType.Memory:
                                    operandValue = "-->";
                                    break;
                                case ArmInstructionOperandType.Register:
                                    operandValue = operand.RegisterValue.Value.ToString();
                                    break;
                                case ArmInstructionOperandType.SetEnd:
                                    operandValue = operand.SetEndValue.Value.ToString();
                                    break;
                                case ArmInstructionOperandType.SysRegister:
                                    operandValue = operand.SysRegisterValue.Value.ToString();
                                    break;
                            }
                            Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);

                            if (operand.Type == ArmInstructionOperandType.Memory) {
                                Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
                                Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
                                Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
                                Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale);
                                Console.WriteLine();
                            }

                            Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted);
                            Console.WriteLine("\t\t\t Shifter = -->");
                            Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
                            Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);

                            Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
                        }

                        Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
                        Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType);
                        Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize);
                        Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
                    }

                    Console.WriteLine();
                }
            }
        }
        /// <summary>
        ///     Create a Capstone Disassembler.
        /// </summary>
        /// <param name="architecture">
        ///     The disassemble architecture.
        /// </param>
        /// <param name="mode">
        ///     The disassemble mode.
        /// </param>
        /// <returns>
        ///     A Capstone handle.
        /// </returns>
        /// <exception cref="System.InvalidOperationException">
        ///     Thrown if a Capstone disassembler could not be created.
        /// </exception>
        public static SafeCapstoneHandle Create(DisassembleArchitecture architecture, DisassembleMode mode)
        {
            var iArchitecture = (int)architecture;
            var iMode         = (int)mode;
            var pHandle       = IntPtr.Zero;

            // Open Capstone Handle.
            //
            // ...
            var resultCode = CapstoneImport.Open(iArchitecture, iMode, ref pHandle);

            if (resultCode != (int)DisassembleErrorCode.Ok)
            {
                throw new InvalidOperationException("Unable to create a Capstone disassembler.");
            }

            var handle = new SafeCapstoneHandle((UIntPtr)(ulong)(long)pHandle);

            return(handle);
        }
        /// <summary>
        ///     Create a ARM64 Disassembler.
        /// </summary>
        /// <param name="mode">
        ///     The disassembler's mode.
        /// </param>
        /// <returns>
        ///     A capstone disassembler.
        /// </returns>
        public static CapstoneDisassembler <Arm64Instruction, Arm64Register, Arm64InstructionGroup, Arm64InstructionDetail> CreateArm64Disassembler(DisassembleMode mode)
        {
            var @object = new CapstoneArm64Disassembler(mode);

            return(@object);
        }
Пример #11
0
        internal static void ShowArm(DisassembleMode mode)
        {
            // Create ARM Disassembler.
            //
            // Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically
            // when it is no longer needed.
            using (var disassembler = CapstoneDisassembler.CreateArmDisassembler(mode)) {
                // Enable Disassemble Details.
                //
                // Enables disassemble details, which are disabled by default, to provide more detailed information on
                // disassembled binary code.
                disassembler.EnableDetails = true;

                // Set Disassembler's Syntax.
                //
                // Make the disassembler generate instructions in Intel syntax.
                disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;

                var code = new byte[0];
                switch (mode)
                {
                case DisassembleMode.Arm32:
                    code = new byte[] { 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00 };
                    break;

                case (int)DisassembleMode.Arm32 + DisassembleMode.ArmV8:
                    code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 };
                    break;

                case DisassembleMode.ArmThumb:
                    code = new byte[] { 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84 };
                    break;

                case DisassembleMode.ArmThumbArmCortexM:
                    code = new byte[] { 0xef, 0xf3, 0x02, 0x80 };
                    break;
                }

                // Disassemble All Binary Code.
                //
                // ...
                var instructions = disassembler.DisassembleAll(code);

                var hexCode = BitConverter.ToString(code).Replace("-", " ");
                Console.WriteLine(hexCode);
                Console.WriteLine();

                // Loop Through Each Disassembled Instruction.
                // ...
                foreach (var instruction in instructions)
                {
                    Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
                    Console.WriteLine("\t Id = {0}", instruction.Id);

                    if (instruction.ArchitectureDetail != null)
                    {
                        Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag);
                        Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode);
                        Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
                        Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters);
                        Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier);
                        Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);

                        // Loop Through Each Instruction's Operands.
                        //
                        // ...
                        foreach (var operand in instruction.ArchitectureDetail.Operands)
                        {
                            string operandValue = null;
                            switch (operand.Type)
                            {
                            case ArmInstructionOperandType.CImmediate:
                                operandValue = operand.ImmediateValue.Value.ToString("X");
                                break;

                            case ArmInstructionOperandType.FloatingPoint:
                                operandValue = operand.FloatingPointValue.Value.ToString();
                                break;

                            case ArmInstructionOperandType.Immediate:
                                operandValue = operand.ImmediateValue.Value.ToString("X");
                                break;

                            case ArmInstructionOperandType.PImmediate:
                                operandValue = operand.ImmediateValue.Value.ToString("X");
                                break;

                            case ArmInstructionOperandType.Memory:
                                operandValue = "-->";
                                break;

                            case ArmInstructionOperandType.Register:
                                operandValue = operand.RegisterValue.Value.ToString();
                                break;

                            case ArmInstructionOperandType.SetEnd:
                                operandValue = operand.SetEndValue.Value.ToString();
                                break;

                            case ArmInstructionOperandType.SysRegister:
                                operandValue = operand.SysRegisterValue.Value.ToString();
                                break;
                            }

                            Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);

                            // Handle Memory Operand.
                            //
                            // ...
                            if (operand.Type == ArmInstructionOperandType.Memory)
                            {
                                Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
                                Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
                                Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
                                Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale);
                                Console.WriteLine();
                            }

                            Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted);
                            Console.WriteLine("\t\t\t Shifter = -->");
                            Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
                            Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);

                            Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
                        }

                        Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
                        Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType);
                        Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize);
                        Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
                    }

                    Console.WriteLine();
                }
            }
        }
 /// <summary>Create a Capstone ARM Disassembler.</summary>
 /// <param name="mode">The disassembler's mode.</param>
 public CapstoneArmDisassembler(DisassembleMode mode)
     : base(DisassembleArchitecture.Arm, mode)
 {
     return;
 }
Пример #13
0
 /// <summary>
 ///     Create a Capstone ARM Disassembler.
 /// </summary>
 /// <param name="mode">
 ///     The disassembler's mode.
 /// </param>
 internal CapstoneArmDisassembler(DisassembleMode mode) : base(DisassembleArchitecture.Arm, mode)
 {
 }
Пример #14
0
 //////////////////////////////////////////////  Disassembler  //////////////////////////////////////////////
 public static String DisassembleLine(byte[] source, uint index, uint address, DisassembleMode disassembleMode, out int length)
 {
     StringBuilder disassembledString = new StringBuilder(256);
     length = NativeMethods.DisassembleInstruction(source, source.Length, index, address, disassembleMode, disassembledString);
     return disassembledString.ToString().Trim();
 }
Пример #15
0
        /// <summary>
        ///     Set Disassemble Mode Option.
        /// </summary>
        /// <param name="handle">
        ///     A Capstone handle. Should not be a null reference.
        /// </param>
        /// <param name="mode">
        ///     A disassemble mode.
        /// </param>
        /// <exception cref="System.InvalidOperationException">
        ///     Thrown if the disassemble mode option could not be set.
        /// </exception>
        public static void SetDisassembleModeOption(SafeCapstoneHandle handle, DisassembleMode mode) {
            var pHandle = handle.DangerousGetHandle();
            const int iOption = (int) DisassembleOptionType.Mode;

            // Set Disassemble Option.
            //
            // ...
            var resultCode = CapstoneImport.SetOption(pHandle, iOption, (IntPtr) mode);
            if (resultCode != (int) DisassembleErrorCode.Ok) {
                throw new InvalidOperationException("Unable to set disassemble mode option.");
            }
        }
Пример #16
0
 internal static extern CapstoneErrorCode Open(
     [In] DisassembleArchitecture architecture,
     [In] DisassembleMode mode,
     [Out] out IntPtr handle);
Пример #17
0
        internal static void ShowArm(DisassembleMode mode)
        {
            using (CapstoneArmDisassembler disassembler = new CapstoneArmDisassembler(mode)) {
                disassembler.EnableDetails = true;
                disassembler.Syntax        = DisassembleSyntaxOptionValue.Intel;
                byte[] code = new byte[0];
                switch (mode)
                {
                case DisassembleMode.Arm32:
                    code = new byte[] { 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00 };
                    break;

                case (int)DisassembleMode.Arm32 + DisassembleMode.ArmV8:
                    code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 };
                    break;

                case DisassembleMode.ArmThumb:
                    code = new byte[] { 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84 };
                    break;

                case (int)DisassembleMode.ArmThumb + DisassembleMode.ArmCortexM:
                    code = new byte[] { 0xef, 0xf3, 0x02, 0x80 };
                    break;
                }

                var    instructions = disassembler.Disassemble(code);
                string hexCode      = BitConverter.ToString(code).Replace("-", " ");
                Console.WriteLine(hexCode);
                Console.WriteLine();

                foreach (var instruction in instructions)
                {
                    Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
                    Console.WriteLine("\t Id = {0}", instruction.Id);

                    if (instruction.ArchitectureDetail != null)
                    {
                        Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag);
                        Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode);
                        Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
                        Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters);
                        Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier);
                        Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);

                        foreach (ArmInstructionOperand operand in instruction.ArchitectureDetail.Operands)
                        {
                            string operandValue = null;
                            switch (operand.Type)
                            {
                            case ArmInstructionOperandType.CImmediate:
                                operandValue = operand.ImmediateValue.Value.ToString("X");
                                break;

                            case ArmInstructionOperandType.FloatingPoint:
                                operandValue = operand.FloatingPointValue.Value.ToString();
                                break;

                            case ArmInstructionOperandType.Immediate:
                                operandValue = operand.ImmediateValue.Value.ToString("X");
                                break;

                            case ArmInstructionOperandType.PImmediate:
                                operandValue = operand.ImmediateValue.Value.ToString("X");
                                break;

                            case ArmInstructionOperandType.Memory:
                                operandValue = "-->";
                                break;

                            case ArmInstructionOperandType.Register:
                                operandValue = operand.RegisterValue.Value.ToString();
                                break;

                            case ArmInstructionOperandType.SetEnd:
                                operandValue = operand.SetEndValue.Value.ToString();
                                break;

                            case ArmInstructionOperandType.SysRegister:
                                operandValue = operand.SysRegisterValue.Value.ToString();
                                break;
                            }
                            Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);

                            if (operand.Type == ArmInstructionOperandType.Memory)
                            {
                                Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
                                Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
                                Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
                                Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale);
                                Console.WriteLine();
                            }

                            Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted);
                            Console.WriteLine("\t\t\t Shifter = -->");
                            Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
                            Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);

                            Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
                        }

                        Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
                        Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType);
                        Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize);
                        Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
                    }

                    Console.WriteLine();
                }
            }
        }
Пример #18
0
 /// <summary>
 ///     Create a Capstone X86 Disassembler.
 /// </summary>
 /// <param name="mode">
 ///     The disassembler's mode.
 /// </param>
 internal CapstoneX86Disassembler(DisassembleMode mode) : base(DisassembleArchitecture.X86, mode)
 {
 }
Пример #19
0
 /// <summary>Create a Capstone X86 Disassembler.</summary>
 /// <param name="mode">The disassembler's mode.</param>
 public CapstoneX86Disassembler(DisassembleMode mode)
     : base(DisassembleArchitecture.X86, mode)
 {
     return;
 }
Пример #20
0
 public void SetDisassembleMode(DisassembleMode mode)
 {
     dasmMode = mode;
 }
Пример #21
0
        internal static void ShowArm(DisassembleMode mode) {
            // Create ARM Disassembler.
            //
            // Creating the disassembler in a "using" statement ensures that resources get cleaned up automatically
            // when it is no longer needed.
            using (var disassembler = CapstoneDisassembler.CreateArmDisassembler(mode)) {
                // Enable Disassemble Details.
                //
                // Enables disassemble details, which are disabled by default, to provide more detailed information on
                // disassembled binary code.
                disassembler.EnableDetails = true;

                // Set Disassembler's Syntax.
                //
                // Make the disassembler generate instructions in Intel syntax.
                disassembler.Syntax = DisassembleSyntaxOptionValue.Intel;

                var code = new byte[0];
                switch (mode) {
                    case DisassembleMode.Arm32:
                        code = new byte[] { 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3, 0x00, 0x02, 0x01, 0xf1, 0x05, 0x40, 0xd0, 0xe8, 0xf4, 0x80, 0x00, 0x00 };
                        break;
                    case (int) DisassembleMode.Arm32 + DisassembleMode.ArmV8:
                        code = new byte[] { 0xe0, 0x3b, 0xb2, 0xee, 0x42, 0x00, 0x01, 0xe1, 0x51, 0xf0, 0x7f, 0xf5 };
                        break;
                    case DisassembleMode.ArmThumb:
                        code = new byte[] { 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68, 0x1f, 0xb1, 0x30, 0xbf, 0xaf, 0xf3, 0x20, 0x84 };
                        break;
                    case DisassembleMode.ArmThumbArmCortexM:
                        code = new byte[] { 0xef, 0xf3, 0x02, 0x80 };
                        break;
                }

                // Disassemble All Binary Code.
                //
                // ...
                var instructions = disassembler.DisassembleAll(code);

                var hexCode = BitConverter.ToString(code).Replace("-", " ");
                Console.WriteLine(hexCode);
                Console.WriteLine();

                // Loop Through Each Disassembled Instruction.
                // ...
                foreach (var instruction in instructions) {
                    Console.WriteLine("{0:X}: \t {1} \t {2}", instruction.Address, instruction.Mnemonic, instruction.Operand);
                    Console.WriteLine("\t Id = {0}", instruction.Id);

                    if (instruction.ArchitectureDetail != null) {
                        Console.WriteLine("\t CPS Flag = {0}", instruction.ArchitectureDetail.CpsFlag);
                        Console.WriteLine("\t CPS Mode = {0}", instruction.ArchitectureDetail.CpsMode);
                        Console.WriteLine("\t Code Condition = {0}", instruction.ArchitectureDetail.CodeCondition);
                        Console.WriteLine("\t Load User Mode Registers? {0}", instruction.ArchitectureDetail.LoadUserModeRegisters);
                        Console.WriteLine("\t Memory Barrier = {0}", instruction.ArchitectureDetail.MemoryBarrier);
                        Console.WriteLine("\t Operand Count: {0}", instruction.ArchitectureDetail.Operands.Length);

                        // Loop Through Each Instruction's Operands.
                        //
                        // ...
                        foreach (var operand in instruction.ArchitectureDetail.Operands) {
                            string operandValue = null;
                            switch (operand.Type) {
                                case ArmInstructionOperandType.CImmediate:
                                    operandValue = operand.ImmediateValue.Value.ToString("X");
                                    break;
                                case ArmInstructionOperandType.FloatingPoint:
                                    operandValue = operand.FloatingPointValue.Value.ToString();
                                    break;
                                case ArmInstructionOperandType.Immediate:
                                    operandValue = operand.ImmediateValue.Value.ToString("X");
                                    break;
                                case ArmInstructionOperandType.PImmediate:
                                    operandValue = operand.ImmediateValue.Value.ToString("X");
                                    break;
                                case ArmInstructionOperandType.Memory:
                                    operandValue = "-->";
                                    break;
                                case ArmInstructionOperandType.Register:
                                    operandValue = operand.RegisterValue.Value.ToString();
                                    break;
                                case ArmInstructionOperandType.SetEnd:
                                    operandValue = operand.SetEndValue.Value.ToString();
                                    break;
                                case ArmInstructionOperandType.SysRegister:
                                    operandValue = operand.SysRegisterValue.Value.ToString();
                                    break;
                            }

                            Console.WriteLine("\t\t {0} = {1}", operand.Type, operandValue);

                            // Handle Memory Operand.
                            //
                            // ...
                            if (operand.Type == ArmInstructionOperandType.Memory) {
                                Console.WriteLine("\t\t\t Base Register = {0} ", operand.MemoryValue.BaseRegister);
                                Console.WriteLine("\t\t\t Displacement = {0:X} ", operand.MemoryValue.Displacement);
                                Console.WriteLine("\t\t\t Index Register = {0} ", operand.MemoryValue.IndexRegister);
                                Console.WriteLine("\t\t\t Index Register Scale = {0} ", operand.MemoryValue.IndexRegisterScale);
                                Console.WriteLine();
                            }

                            Console.WriteLine("\t\t\t Is Subtracted? = {0}", operand.IsSubtracted);
                            Console.WriteLine("\t\t\t Shifter = -->");
                            Console.WriteLine("\t\t\t\t Type = {0}", operand.Shifter.Type);
                            Console.WriteLine("\t\t\t\t Value = {0:X}", operand.Shifter.Value);

                            Console.WriteLine("\t\t\t Vector Index = {0}", operand.VectorIndex);
                        }

                        Console.WriteLine("\t Update Flags? {0}", instruction.ArchitectureDetail.UpdateFlags);
                        Console.WriteLine("\t Vector Data Type = {0}", instruction.ArchitectureDetail.VectorDataType);
                        Console.WriteLine("\t Vector Size= {0}", instruction.ArchitectureDetail.VectorSize);
                        Console.WriteLine("\t Write Back? {0}", instruction.ArchitectureDetail.WriteBack);
                    }

                    Console.WriteLine();
                }
            }
        }