/// <summary>
/// Builds an instruction decoder from the NASM instruction table in <c>insns.dat</c>,
/// starts the Notepad binary under <c>C:\Windows\SysWow64</c>, attaches a debugger to it,
/// breaks into the process, and decodes the instruction at the broken thread's EIP.
/// </summary>
/// <remarks>
/// <c>insns.dat</c> is opened by relative path, so it is resolved against the current
/// working directory. Nothing in this method terminates the started process, detaches
/// the debugger, or disposes the <see cref="Process"/> object.
/// </remarks>
private static async Task Run()
{
    // Parse every line of the instruction table that the NASM helper does not mark as ignored.
    var tableEntries = new List<NasmInsnsEntry>();
    string[] tableLines = File.ReadAllLines("insns.dat", Encoding.ASCII);
    foreach (var tableLine in tableLines)
    {
        if (!NasmInsns.IsIgnoredLine(tableLine))
        {
            tableEntries.Add(NasmInsns.ParseLine(tableLine));
        }
    }

    // The decoder is set up for 32-bit protected mode; the target below is started from SysWow64.
    var lookup = new NasmInstructionDecoderLookup(tableEntries);
    var decoder = new InstructionDecoder(lookup, CodeContext.Protected_Default32);

    // Absolute path to the target, so no search-path lookup is involved in choosing the binary.
    var target = Process.Start(@"C:\Windows\SysWow64\notepad.exe");
    var debugger = await ProcessDebugger.AttachAsync(target.Id, initialBreak: false);

    // Presumably gives the freshly started process time to settle before breaking in - TODO confirm.
    var settleTime = TimeSpan.FromSeconds(2);
    await Task.Delay(settleTime);

    var stoppedThread = await debugger.BreakAsync();
    var threadContext = stoppedThread.GetContext(X86.CONTEXT_ALL);
    var instructionPointer = new ForeignPtr(threadContext.Eip);

    // The decoded instruction is not used any further in this method.
    var instruction = Decode(decoder, debugger, instructionPointer);
}
/// <summary>
/// Test helper: feeds <paramref name="bytes"/> one at a time into a fresh decoder and
/// returns every instruction it produced, in order.
/// </summary>
/// <param name="context">Code context the decoder is constructed with.</param>
/// <param name="bytes">Raw bytes to decode.</param>
/// <returns>The instructions collected while feeding the bytes.</returns>
/// <remarks>
/// Asserts that the decoder is not in the <c>Error</c> state whenever <c>Feed</c> returns
/// false, and that it is in the <c>Initial</c> state once all bytes have been consumed.
/// </remarks>
private static Instruction[] Decode(CodeContext context, params byte[] bytes)
{
    var instructionDecoder = new InstructionDecoder(InstructionLookup.Instance, context);
    var decoded = new List<Instruction>();

    foreach (byte current in bytes)
    {
        // While Feed returns true there is nothing to collect yet; move on to the next byte.
        if (instructionDecoder.Feed(current))
        {
            continue;
        }

        // Feed returned false: it must not be because of a decoding error.
        Assert.AreNotEqual(InstructionDecodingState.Error, instructionDecoder.State);
        decoded.Add(instructionDecoder.GetInstruction());
        instructionDecoder.Reset();
    }

    // The input must not end partway through an instruction
    // (presumably Reset puts the decoder back into Initial - TODO confirm).
    Assert.AreEqual(InstructionDecodingState.Initial, instructionDecoder.State);
    return decoded.ToArray();
}
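/// <summary>
/// Decodes a single instruction from the debugged process's memory, starting at
/// <paramref name="ptr"/>.
/// </summary>
/// <param name="decoder">Decoder that is fed the bytes; it is not reset by this method.</param>
/// <param name="debugger">Debugger used to open the target's memory.</param>
/// <param name="ptr">Address in the target process at which reading starts.</param>
/// <returns>The instruction reported by the decoder once <c>Feed</c> returns false.</returns>
/// <exception cref="EndOfStreamException">
/// Thrown by <see cref="BinaryReader.ReadByte"/> if the memory stream ends before the decoder stops.
/// </exception>
private static Instruction Decode(InstructionDecoder decoder, ProcessDebugger debugger, ForeignPtr ptr)
{
    // Disposing the reader also closes the stream returned by OpenMemory, which was
    // previously never released.
    using (var reader = new BinaryReader(debugger.OpenMemory(ptr)))
    {
        // NOTE(review): decoder.State is not inspected and the loop has no byte limit.
        // The bytes come from another process, so confirm that Feed stops on undecodable
        // input and that GetInstruction is safe to call in that case; consider capping
        // the loop at the 15-byte x86 instruction length limit.
        while (decoder.Feed(reader.ReadByte()))
        {
        }

        return decoder.GetInstruction();
    }
}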