Пример #1
0
        void Disassemble()
        {
            items.Clear();
            x86disassembler.CurrentOffset = startOffset;
            try
            {
                //uint lastOffset = 0;
                while (x86disassembler.CurrentOffset < endOffset)
                {
                    // Debugging purposes:
                    //if (lastOffset == x86disassembler.CurrentOffset)
                    //    System.Diagnostics.Debugger.Break();
                    //lastOffset = x86disassembler.CurrentOffset;

                    x86Instruction instruction = x86disassembler.DisassembleNextInstruction();


                    ListViewItem item = new ListViewItem(new string[] {
                        instruction.Offset.FileOffset.ToString("X8"),
                        BytesToString(instruction.OpCode.OpCodeBytes) + " " + BytesToString(instruction.OperandBytes),
                        instruction.ToAsmString().ToLower(),
                        string.Empty,
                    })
                    {
                        Tag = instruction
                    };

                    item.UseItemStyleForSubItems = false;
                    if (instruction.OpCode.Name.StartsWith("CALL"))
                    {
                        item.SubItems[2].BackColor = Color.Cyan;
                    }
                    if (instruction.OpCode.Name.StartsWith("J"))
                    {
                        item.SubItems[2].BackColor = Color.Yellow;
                    }

                    items.Add(item);

                    Invoke(new Action(() =>
                    {
                        double currentValue = x86disassembler.CurrentOffset - startOffset;
                        double max          = endOffset - startOffset;

                        progressBar.Value = (int)(currentValue / max * 100);
                    }));
                }
            }
            catch (Exception ex)
            {
                items.Add(new ListViewItem(new string[] {
                    x86disassembler.CurrentOffset.ToString("X8"),
                    "Error",
                    ex.GetType().FullName,
                    ex.Message,
                    ex.ToString(),
                }));
            }
        }
Пример #2
0
 void Analyse(ListView.ListViewItemCollection items)
 {
     for (int i = 0; i < items.Count; i++)
     {
         x86Instruction instruction = items[i].Tag as x86Instruction;
         if (instruction != null)
         {
             try
             {
                 if (instruction.OpCode.IsBasedOn(x86OpCodes.Call_DwordPtr))
                 {
                     items[i].SubItems[disassemblyView.Columns.Count - 1].Text = ((Offset)instruction.Operand1.Value).ToMethod(assembly).FullName;
                 }
             }
             catch
             {
             }
         }
     }
 }
Пример #3
0
 /// <summary>
 /// Creates a new instance of the ReadingProcessChangedEventArgs containing information about the new instruction and offset.
 /// </summary>
 /// <param name="totallength">The total lenght of the bytes.</param>
 /// <param name="currentoffset">The current offset of the bytes.</param>
 /// <param name="NewInstruction">The new instruction that is read from the bytes.</param>
 public ReadingProcessChangedEventArgs(long totallength, int currentoffset, x86Instruction NewInstruction)
 {
     filelength     = totallength;
     current        = currentoffset;
     newinstruction = NewInstruction;
 }