void Disassemble() { items.Clear(); x86disassembler.CurrentOffset = startOffset; try { //uint lastOffset = 0; while (x86disassembler.CurrentOffset < endOffset) { // Debugging purposes: //if (lastOffset == x86disassembler.CurrentOffset) // System.Diagnostics.Debugger.Break(); //lastOffset = x86disassembler.CurrentOffset; x86Instruction instruction = x86disassembler.DisassembleNextInstruction(); ListViewItem item = new ListViewItem(new string[] { instruction.Offset.FileOffset.ToString("X8"), BytesToString(instruction.OpCode.OpCodeBytes) + " " + BytesToString(instruction.OperandBytes), instruction.ToAsmString().ToLower(), string.Empty, }) { Tag = instruction }; item.UseItemStyleForSubItems = false; if (instruction.OpCode.Name.StartsWith("CALL")) { item.SubItems[2].BackColor = Color.Cyan; } if (instruction.OpCode.Name.StartsWith("J")) { item.SubItems[2].BackColor = Color.Yellow; } items.Add(item); Invoke(new Action(() => { double currentValue = x86disassembler.CurrentOffset - startOffset; double max = endOffset - startOffset; progressBar.Value = (int)(currentValue / max * 100); })); } } catch (Exception ex) { items.Add(new ListViewItem(new string[] { x86disassembler.CurrentOffset.ToString("X8"), "Error", ex.GetType().FullName, ex.Message, ex.ToString(), })); } }
void Analyse(ListView.ListViewItemCollection items) { for (int i = 0; i < items.Count; i++) { x86Instruction instruction = items[i].Tag as x86Instruction; if (instruction != null) { try { if (instruction.OpCode.IsBasedOn(x86OpCodes.Call_DwordPtr)) { items[i].SubItems[disassemblyView.Columns.Count - 1].Text = ((Offset)instruction.Operand1.Value).ToMethod(assembly).FullName; } } catch { } } } }
/// <summary> /// Creates a new instance of the ReadingProcessChangedEventArgs containing information about the new instruction and offset. /// </summary> /// <param name="totallength">The total lenght of the bytes.</param> /// <param name="currentoffset">The current offset of the bytes.</param> /// <param name="NewInstruction">The new instruction that is read from the bytes.</param> public ReadingProcessChangedEventArgs(long totallength, int currentoffset, x86Instruction NewInstruction) { filelength = totallength; current = currentoffset; newinstruction = NewInstruction; }