unit disassembler;
interface
uses sysutils,windows,cefuncproc;
type Tprefix = set of byte;
type TMemory = array [0..23] of byte;
function rd(bt: byte): string;
function rd8(bt:byte): string;
function rd16(bt:byte): string;
function r8(bt:byte): string;
function r16(bt:byte): string;
function r32(bt:byte): string;
function mm(bt:byte): string;
function xmm(bt:byte): string;
function sreg(bt:byte): string;
function CR(bt:byte):string;
function DR(bt:byte):string;
function GetBitOf(Bt: dword; bit: integer): byte;
function getsegmentoverride(prefix: TPrefix): string;
function getmod(bt: byte): byte;
function getRM(bt: byte): byte;
function getREG(bt: byte): byte;
function SIB(memory:TMemory; sibbyte: integer; var last: dword): string;
function MODRM(memory:TMemory; prefix: TPrefix; modrmbyte: integer; inst: integer; var last: dword): string;
function disassemble(var offset: dword; var description: string): string;
function previousopcode(address: dword):dword;
function translatestring(disassembled: string; numberofbytes: integer):string;
implementation
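function rd(bt:byte):string;
{ Lowercase name of the 32-bit general register numbered bt (0..7).
  bt is used as-is: unlike r32 it is NOT passed through getreg, so the
  caller must already have isolated the 3-bit register number.
  Returns '' for any value outside 0..7; the original had no else
  branch and left Result unassigned (stale) in that case. }
const
  names: array[0..7] of string = ('eax','ecx','edx','ebx','esp','ebp','esi','edi');
begin
  if bt <= high(names) then
    result := names[bt]
  else
    result := '';
end;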
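function rd8(bt:byte): string;
{ 8-bit register selected by the reg field (bits 5..3) of ModR/M byte bt.
  This was a byte-for-byte duplicate of r8; it now delegates to r8 so the
  two cannot drift apart, while keeping the name for existing callers. }
begin
  result := r8(bt);
end;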
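function rd16(bt:byte):string;
{ Lowercase name of the 16-bit general register numbered bt (0..7).
  Like rd, bt is used directly and is not passed through getreg.
  Returns '' outside 0..7 instead of leaving Result unassigned. }
const
  names: array[0..7] of string = ('ax','cx','dx','bx','sp','bp','si','di');
begin
  if bt <= high(names) then
    result := names[bt]
  else
    result := '';
end;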
function r8(bt:byte): string;
{ 8-bit register selected by the reg field (bits 5..3) of ModR/M byte bt.
  getreg masks the field to 0..7, so the table lookup is always in range. }
const
  names: array[0..7] of string = ('al','cl','dl','bl','ah','ch','dh','bh');
begin
  result := names[getreg(bt)];
end;
function r16(bt:byte): string;
{ 16-bit register selected by the reg field (bits 5..3) of ModR/M byte bt.
  getreg masks the field to 0..7, so the table lookup is always in range. }
const
  names: array[0..7] of string = ('ax','cx','dx','bx','sp','bp','si','di');
begin
  result := names[getreg(bt)];
end;
function r32(bt:byte): string;
{ 32-bit register selected by the reg field (bits 5..3) of ModR/M byte bt.
  getreg masks the field to 0..7, so the table lookup is always in range. }
const
  names: array[0..7] of string = ('eax','ecx','edx','ebx','esp','ebp','esi','edi');
begin
  result := names[getreg(bt)];
end;
function xmm(bt:byte): string;
{ XMM register selected by the reg field (bits 5..3) of ModR/M byte bt.
  getreg masks the field to 0..7, so the table lookup is always in range. }
const
  names: array[0..7] of string = ('XMM0','XMM1','XMM2','XMM3','XMM4','XMM5','XMM6','XMM7');
begin
  result := names[getreg(bt)];
end;
function mm(bt:byte): string;
{ MMX register selected by the reg field (bits 5..3) of ModR/M byte bt.
  getreg masks the field to 0..7, so the table lookup is always in range. }
const
  names: array[0..7] of string = ('MM0','MM1','MM2','MM3','MM4','MM5','MM6','MM7');
begin
  result := names[getreg(bt)];
end;
function sreg(bt:byte): string;
{ Segment register selected by the reg field (bits 5..3) of ModR/M byte bt.
  Encodings 6 and 7 name no real segment register; 'HS' and 'IS' are the
  original author's placeholders ("as if...").
  NOTE(review): an instruction carrying those encodings is presumably
  invalid on real hardware; callers may prefer to flag it rather than
  print a made-up register name - confirm how disassemble() uses this. }
const
  names: array[0..7] of string = ('ES','CS','SS','DS','FS','GS','HS','IS');
begin
  result := names[getreg(bt)];
end;
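function CR(bt:byte):string;
{ Control-register name 'CRn' for n = bt (0..7).  bt is used directly
  (not passed through getreg).  Returns '' outside 0..7; the original had
  no else branch and left Result unassigned for such values.
  NOTE(review): the decoder prints a name for every encoding 0..7 even
  though not all of them are architecturally defined control registers -
  confirm whether callers need to filter invalid encodings. }
begin
  if bt <= 7 then
    result := 'CR' + IntToStr(bt)
  else
    result := '';
end;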
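function DR(bt:byte):string;
{ Debug-register name 'DRn' for n = bt (0..7).  bt is used directly
  (not passed through getreg).  Returns '' outside 0..7; the original had
  no else branch and left Result unassigned for such values. }
begin
  if bt <= 7 then
    result := 'DR' + IntToStr(bt)
  else
    result := '';
end;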
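function GetBitOf(Bt: dword; bit: integer): byte;
{ Returns bit number `bit` (0 = least significant) of the 32-bit value Bt
  as 0 or 1.  Bit positions outside 0..31 read as 0; the original shifted
  by (31-bit), which has no defined meaning for a negative or >31 count.
  (The earlier commented-out variant `(bt shl (7-bit)) shr 7` did not
  work because Bt is a dword, not a byte: shifting a 32-bit value left by
  7-bit and back right by 7 keeps every bit above position 7 instead of
  isolating the requested one.) }
begin
  if (bit < 0) or (bit > 31) then
    result := 0
  else
    result := (Bt shr bit) and 1;
end;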
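function getsegmentoverride(prefix: TPrefix): string;
{ Text of the segment override present in the prefix set ('CS:', 'ES:',
  'SS:', 'FS:', 'GS:'), or '' when there is none.  $3E (DS) deliberately
  yields '' because DS is the default data segment and needs no prefix
  in the listing.
  Result is initialised up front: the original only assigned it inside
  the if-chain, so the common no-override case returned whatever the
  Result variable happened to hold.
  NOTE(review): prefix is a set, so the order of the prefix bytes is
  lost.  If more than one segment prefix is present the first match in
  the chain below wins, which is not necessarily the one the CPU honours
  - confirm against the prefix collection in disassemble(). }
begin
  result := '';
  if $2e in prefix then result := 'CS:'
  else if $26 in prefix then result := 'ES:'
  else if $36 in prefix then result := 'SS:'
  else if $3e in prefix then result := ''
  else if $64 in prefix then result := 'FS:'
  else if $65 in prefix then result := 'GS:';
end;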
function getmod(bt: byte): byte;
{ The mod field of a ModR/M byte: its two most significant bits (7..6),
  as a value 0..3.  bt is a byte, so the shift alone already bounds the
  result. }
begin
  result := bt shr 6;
end;
function getRM(bt: byte): byte;
{ The r/m field of a ModR/M byte: its three least significant bits (2..0),
  as a value 0..7. }
begin
  result := bt mod 8;
end;
function getREG(bt: byte): byte;
{ The reg/opcode field of a ModR/M byte: bits 5..3, as a value 0..7. }
begin
  result := (bt and $38) shr 3;
end;
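function MODRM(memory:TMemory; prefix: TPrefix; modrmbyte: integer; inst: integer; var last: dword): string;
{ Renders the operand selected by the ModR/M byte at memory[modrmbyte] as
  text, always followed by ','.
    prefix   set of prefix bytes already consumed (segment override, $67)
    inst     operand class, consulted only for mod=3 (register-direct):
             0 = 32-bit GPR, 1 = 16-bit GPR, 2 = 8-bit GPR, 3 = MMX, 4 = XMM
    last     receives the index of the first byte after the ModR/M byte,
             its SIB byte and its displacement, i.e. where decoding continues.
  Only 32-bit addressing is decoded.  With a $67 (address-size override)
  prefix the result is '' and last points just past the ModR/M byte.

  Fixes relative to the previous version:
  - Negative displacements are printed as '-$' followed by the magnitude
    of the sign-extended disp8/disp32.  Previously a disp8 of $F0 printed
    as '-$F0' (smallint(byte) is not a sign extension) and a disp32 of
    $FFFFFFF0 printed as '-$FFFFFFF0' (two's complement, not magnitude).
  - For SIB forms with a displacement, the sign is now taken from the
    displacement bytes; before, it was taken from the SIB byte and the
    disp8 case always printed '+$'.
  - Every memory[] access is bounds-checked against TMemory: bytes past the
    end read as 0 instead of running off the 24-byte array, which the
    old `^dword` pointer reads did when an instruction was truncated.
  - Result is always assigned (was left stale for the $67 path and for
    inst outside 0..4). }
const
  base32: array[0..7] of string = ('EAX','ECX','EDX','EBX','ESP','EBP','ESI','EDI');
  direct: array[0..4, 0..7] of string = (
    ('EAX','ECX','EDX','EBX','ESP','EBP','ESI','EDI'),
    ('AX','CX','DX','BX','SP','BP','SI','DI'),
    ('AL','CL','DL','BL','AH','CH','DH','BH'),
    ('MM0','MM1','MM2','MM3','MM4','MM5','MM6','MM7'),
    ('XMM0','XMM1','XMM2','XMM3','XMM4','XMM5','XMM6','XMM7'));
var
  modrm: byte;
  rmfield: byte;
  seg: string;
  sibtext: string;

  // Bounds-checked byte read; indices outside TMemory read as 0.
  function ByteAt(index: integer): byte;
  begin
    if (index >= low(memory)) and (index <= high(memory)) then
      result := memory[index]
    else
      result := 0;
  end;

  // Little-endian dword assembled from four bounds-checked byte reads
  // (no unaligned pointer cast into the array).
  function DwordAt(index: integer): dword;
  begin
    result := dword(ByteAt(index)) or
              (dword(ByteAt(index + 1)) shl 8) or
              (dword(ByteAt(index + 2)) shl 16) or
              (dword(ByteAt(index + 3)) shl 24);
  end;

  // disp8: $80..$FF is negative; print the magnitude.
  function Disp8(b: byte): string;
  begin
    if b <= $7F then
      result := '+$' + IntToHex(b, 2)
    else
      result := '-$' + IntToHex($100 - b, 2);
  end;

  // disp32: >= $80000000 is negative; print the magnitude.
  function Disp32(d: dword): string;
  begin
    if d <= $7FFFFFFF then
      result := '+$' + IntToHex(d, 8)
    else
      result := '-$' + IntToHex((not d) + 1, 8);
  end;

begin
  result := '';
  last := modrmbyte + 1;
  modrm := ByteAt(modrmbyte);
  rmfield := getrm(modrm);
  seg := getsegmentoverride(prefix);

  if $67 in prefix then
  begin
    // 16-bit addressing forms are not decoded by this 32-bit-only
    // disassembler.  NOTE(review): returning '' leaves the caller with
    // no operand length, so decoding can desynchronise after a $67
    // prefix - worth treating as "unknown instruction" upstream.
    exit;
  end;

  case getmod(modrm) of
    0: // no displacement, except rm=5 (disp32 only) and rm=4 (SIB)
      case rmfield of
        4: result := seg + '[' + sib(memory, modrmbyte + 1, last) + '],';
        5: begin
             result := seg + '[$' + IntToHex(DwordAt(modrmbyte + 1), 8) + '],';
             last := last + 4;
           end;
      else
        result := seg + '[' + base32[rmfield] + '],';
      end;

    1: // disp8 follows the ModR/M byte (or the SIB byte when rm=4)
      begin
        if rmfield = 4 then
        begin
          // sib() positions `last` at the displacement itself.
          // NOTE(review): for base=EBP sib() advances `last` by two under
          // mod=1 but by one under mod=2, so the disp8 read here may be one
          // byte late in that case - confirm in SIB.
          sibtext := sib(memory, modrmbyte + 1, last);
          result := seg + '[' + sibtext + Disp8(ByteAt(last)) + '],';
        end
        else
          result := seg + '[' + base32[rmfield] + Disp8(ByteAt(modrmbyte + 1)) + '],';
        inc(last);
      end;

    2: // disp32 follows the ModR/M byte (or the SIB byte when rm=4)
      begin
        if rmfield = 4 then
        begin
          sibtext := sib(memory, modrmbyte + 1, last);
          result := seg + '[' + sibtext + Disp32(DwordAt(last)) + '],';
        end
        else
          result := seg + '[' + base32[rmfield] + Disp32(DwordAt(modrmbyte + 1)) + '],';
        inc(last, 4);
      end;

    3: // register-direct; which register file depends on inst
      if (inst >= low(direct)) and (inst <= high(direct)) then
        result := direct[inst, rmfield] + ',';
  end;
end;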
function SIB(memory:TMemory; sibbyte: integer; var last: dword): string;
var dwordptr: ^dword;
begin
case memory[sibbyte] of
$00 : begin
result:='EAX+EAX';
last:=sibbyte+1;
end;
$01 : begin
result:='ECX+EAX';
last:=sibbyte+1;
end;
$02 : begin
result:='EDX+EAX';
last:=sibbyte+1;
end;
$03 : begin
result:='EBX+EAX';
last:=sibbyte+1;
end;
$04 : begin
result:='ESP+EAX';
last:=sibbyte+1;
end;
$05 : begin
dwordptr:=@memory[sibbyte+1];
case getmod(memory[sibbyte-1]) of
0 : begin
last:=sibbyte+5;
result:='EAX+$'+IntToHex(dwordptr^,8);
end;
1 : begin
last:=sibbyte+2;
result:='EBP+EAX';
end;
2 : begin
last:=sibbyte+1;
result:='EBP+EAX';
end;
3 : begin
result:='error';
end;
end;
end;
$06 : begin
result:='ESI+EAX';
last:=sibbyte+1;
end;
$07 : begin
result:='EDI+EAX';
last:=sibbyte+1;
end;
//--------------
$08 : begin
result:='EAX+ECX';
last:=sibbyte+1;
end;
$09 : begin
result:='ECX+ECX';
last:=sibbyte+1;
end;
$0a : begin
result:='EDX+ECX';
last:=sibbyte+1;
end;
$0b : begin
result:='EBX+ECX';
last:=sibbyte+1;
end;
$0c : begin
result:='ESP+ECX';
last:=sibbyte+1;
end;
$0d : begin
dwordptr:=@memory[sibbyte+1];
case getmod(memory[sibbyte-1]) of
0 : begin
last:=sibbyte+1;
result:='ECX+$'+IntToHex(dwordptr^,8);
end;
1 : begin
last:=sibbyte+2;
result:='EBP+ECX';
end;
2 : begin
last:=sibbyte+1;
result:='EBP+ECX';
end;