0 : begin
last:=sibbyte+1;
result:='EBP*8+$'+IntToHex(dwordptr^,8);
end;
1 : begin
last:=sibbyte+2;
result:='EBP+EBP*8';
end;
2 : begin
last:=sibbyte+1;
result:='EBP+EBP*8';
end;
3 : begin
result:='error';
end;
end;
end;
$ee : begin
result:='ESI+EBP*8';
last:=sibbyte+1;
end;
$ef : begin
result:='EDI+EBP*8';
last:=sibbyte+1;
end;
//b0-b7
$f0 : begin
result:='EAX+ESI*8';
last:=sibbyte+1;
end;
$f1 : begin
result:='ECX+ESI*8';
last:=sibbyte+1;
end;
$f2 : begin
result:='EDX+ESI*8';
last:=sibbyte+1;
end;
$f3 : begin
result:='EBX+ESI*8';
last:=sibbyte+1;
end;
$f4 : begin
result:='ESP+ESI*8';
last:=sibbyte+1;
end;
$f5 : begin
dwordptr:=@memory[sibbyte+1];
case getmod(memory[sibbyte-1]) of
0 : begin
last:=sibbyte+1;
result:='ESI*8+$'+IntToHex(dwordptr^,8);
end;
1 : begin
last:=sibbyte+2;
result:='EBP+ESI*8';
end;
2 : begin
last:=sibbyte+1;
result:='EBP+ESI*8';
end;
3 : begin
result:='error';
end;
end;
end;
$f6 : begin
result:='ESI+ESI*8';
last:=sibbyte+1;
end;
$f7 : begin
result:='EDI+ESI*8';
last:=sibbyte+1;
end;
//b8-bf
$f8 : begin
result:='EAX+EDI*8';
last:=sibbyte+1;
end;
$f9 : begin
result:='ECX+EDI*8';
last:=sibbyte+1;
end;
$fa : begin
result:='EDX+EDI*8';
last:=sibbyte+1;
end;
$fb : begin
result:='EBX+EDI*8';
last:=sibbyte+1;
end;
$fc : begin
result:='ESP+EDI*8';
last:=sibbyte+1;
end;
$fd : begin
dwordptr:=@memory[sibbyte+1];
case getmod(memory[sibbyte-1]) of
0 : begin
last:=sibbyte+1;
result:='EDI*8+$'+IntToHex(dwordptr^,8);
end;
1 : begin
last:=sibbyte+2;
result:='EBP+EDI*8';
end;
2 : begin
last:=sibbyte+1;
result:='EBP+EDI*8';
end;
3 : begin
result:='error';
end;
end;
end;
$fe : begin
result:='ESI+EDI*8';
last:=sibbyte+1;
end;
$ff : begin
result:='EDI+EDI*8';
last:=sibbyte+1;
end;
end;
end;
function disassemble(var offset: dword; var description: string): string;
var memory: TMemory;
actualread: dword;
startoffset: dword;
tempresult: string;
tempst: string;
wordptr: ^word;
dwordptr: ^dword;
dwordptr2: ^dword;
singleptr: ^single;
doubleptr: ^double;
extenedptr: ^extended;
int64ptr: ^int64;
i: integer;
prefix: TPrefix;
prefix2: TPrefix;
isprefix: boolean;
last: dword;
foundit: boolean;
begin
isprefix:=true;
foundit:=false;
prefix:=[$f0,$f2,$f3,$2e,$36,$3e,$26,$64,$65,$66,$67];
prefix2:=[];
result:=IntToHex(offset,8)+' - ';
startoffset:=offset;
readprocessmemory(processhandle,pointer(offset),addr(memory),24,actualread);
if actualread>0 then
begin
//I HATE THESE... (I propably will not add them all, but I'll see how far I get)
while isprefix do
begin
inc(offset);
if memory[0] in prefix then
begin
result:=result+IntToHex(memory[0],2)+' ';
isprefix:=true;
inc(startoffset);
prefix2:=prefix2+[memory[0]];
readprocessmemory(processhandle,pointer(offset),addr(memory),24,actualread);
end else isprefix:=false;
end;
if $F0 in prefix2 then tempresult:='lock ';
if $F2 in prefix2 then tempresult:=tempresult+'repne ';
if $f3 in prefix2 then tempresult:=tempresult+'repe ';
if not foundit then
case memory[0] of //opcode
$00 : begin
description:='Add';
tempresult:=tempresult+'add '+MODRM(memory,prefix2,1,2,last)+r8(memory[1]);
inc(offset,last-1);
end;
$01 : begin
description:='Add';
if $66 in prefix2 then tempresult:=tempresult+'ADD word ptr '+MODRM(memory,prefix2,1,2,last)+r16(memory[1]) else
tempresult:=tempresult+'ADD '+MODRM(memory,prefix2,1,2,last)+r32(memory[1]);
inc(offset,last-1);
end;
$02 : begin
description:='Add';
tempresult:=tempresult+'ADD '+r8(memory[1])+','+MODRM(memory,prefix2,1,2,last);
tempresult:=copy(tempresult,0,length(tempresult)-1);
inc(offset,last-1);
end;
$03 : begin
description:='Add';
if $66 in prefix2 then tempresult:=tempresult+'ADD '+r16(memory[1])+','+MODRM(memory,prefix2,1,2,last) else
tempresult:=tempresult+'ADD '+r32(memory[1])+','+MODRM(memory,prefix2,1,2,last);
end;
$04 : begin
description:='Add x to y';
tempresult:=tempresult+'ADC AL,$'+inttohex(memory[1],2);
inc(offset);
end;
$05 : begin
description:='Add x to y';
wordptr:=@memory[1];
dwordptr:=@memory[1];
if $66 in prefix2 then
begin
tempresult:=tempresult+'ADC AX,$'+inttohex(wordptr^,4);
inc(offset,2);
end else
begin
tempresult:=tempresult+'ADC AX,$'+inttohex(dwordptr^,8);
inc(offset,4);
end;
end;
$06 : begin
description:='Push Word or Doubleword Onto the Stack';
tempresult:=tempresult+'PUSH ES';
end;
$07 : begin
description:='Pop a Value from the Stack';
tempresult:=tempresult+'POP ES';
end;
$08 : begin
description:='Logical Inclusive OR';
tempresult:=tempresult+'OR '+MODRM(memory,prefix2,1,2,last)+r8(memory[1]);
inc(offset,last-1);
end;
$09 : begin
description:='Logical Inclusive OR';
if $66 in prefix2 then tempresult:=tempresult+'OR word ptr '+MODRM(memory,prefix2,1,2,last)+r16(memory[1]) else
tempresult:=tempresult+'OR '+MODRM(memory,prefix2,1,2,last)+r32(memory[1]);
inc(offset,last-1);
end;
$0a : begin
description:='Logical Inclusive OR';
tempresult:=tempresult+'OR '+r8(memory[1])+','+MODRM(memory,prefix2,1,2,last);
tempresult:=copy(tempresult,0,length(tempresult)-1);
inc(offset,last-1);
end;
$0b : begin
description:='Logical Inclusive OR';
if $66 in prefix2 then tempresult:=tempresult+'OR '+r16(memory[1])+','+MODRM(memory,prefix2,1,2,last) else
tempresult:=tempresult+'OR '+r32(memory[1])+','+MODRM(memory,prefix2,1,2,last);
end;
$0c : begin
description:='Logical Inclusive OR';
tempresult:=tempresult+'OR AL,$'+inttohex(memory[1],2);
inc(offset);
end;
$0d : begin
description:='Logical Inclusive OR';
if $66 in prefix2 then
begin
wordptr:=@memory[1];
tempresult:=tempresult+'OR AX,$'+inttohex(wordptr^,4);
inc(offset,2);
end
else
begin
dwordptr:=@memory[1];
tempresult:=tempresult+'OR EAX,$'+inttohex(dwordptr^,8);
inc(offset,4);
end;
end;
$0e : begin
description:='Push Word or Doubleword Onto the Stack';
tempresult:=tempresult+'PUSH CS';
end;
$0f : begin //SIMD extensions
case memory[1] of
$00 : begin
case getreg(memory[2]) of
0: begin
description:='Store Local Descriptor Table Register';
if $66 in prefix2 then tempresult:=tempresult+'SLDT '+modrm(memory,prefix2,2,1,last) else
tempresult:=tempresult+'SLDT '+modrm(memory,prefix2,2,0,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
1: begin
description:='Store Task Register';
tempresult:=tempresult+'STR '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
2: begin
description:='Load Local Descriptor Table Register';
tempresult:=tempresult+'LLDT '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
3: begin
description:='Load Task Register';
tempresult:=tempresult+'LTR '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
4: begin
description:='Verify a Segment for Reading';
tempresult:=tempresult+'VERR '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
5: begin
description:='Verify a Segment for Writing';
tempresult:=tempresult+'VERW '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
//the following 2 were made up by me.
6: begin
description:='Not specified by the intel documentation';
tempresult:=tempresult+'??6 '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
7: begin
description:='Not specified by the intel documentation';
tempresult:=tempresult+'??7 '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
end;
end;
$01 : begin
case getreg(memory[2]) of
0: begin
description:='Store Global Descriptor Table Register';
tempresult:=tempresult+'SGDT '+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
1: begin
description:='Store Interrupt Descriptor Table Register';
tempresult:=tempresult+'SIDT '+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
2: begin
description:='Load Global Descriptor Table Register';
tempresult:=tempresult+'LGDT '+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
3: begin
description:='Load Interupt Descriptor Table Register';
tempresult:=tempresult+'LIDT '+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
4: begin
description:='Store Machine Status Word';
if $66 in prefix2 then tempresult:=tempresult+'SMSW '+modrm(memory,prefix2,2,1,last)
else tempresult:=tempresult+'SMSW '+modrm(memory,prefix2,2,0,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
6: begin
description:='Load Machine Status Word';
tempresult:=tempresult+'LMSW '+modrm(memory,prefix2,2,1,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
7: begin
description:='Invalidate TLB Entry';
tempresult:=tempresult+'INVPLG '+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
end;
end;
$02 : begin
description:='Load Access Rights Byte';
if $66 in prefix2 then tempresult:=tempresult+'LAR '+r16(memory[2])+','+modrm(memory,prefix2,2,1,last) else
tempresult:=tempresult+'LAR '+r32(memory[2])+','+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
$03 : begin
description:='Load Segment Limit';
if $66 in prefix2 then tempresult:=tempresult+'LSL '+r16(memory[2])+','+modrm(memory,prefix2,2,1,last) else
tempresult:=tempresult+'LSL '+r32(memory[2])+','+modrm(memory,prefix2,2,2,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end;
$06 : begin
description:='Clear Task-Switched Flag in CR0';
tempresult:=tempresult+'CLTS';
inc(offset);
end;
$08 : begin
description:='Invalidate Internal Caches';
tempresult:=tempresult+'INCD';
inc(offset);
end;
$09 : begin
description:='Write Back and Invalidate Cache';
tempresult:=tempresult+'WBINVD';
inc(offset);
end;
$0b : begin
description:='Undefined Instruction(Yes, this one really excists..)';
tempresult:=tempresult+'UD2';
inc(offset);
end;
$10 : begin
if $f3 in prefix2 then
begin
description:='Move Scalar Single-FP';
tempresult:='MOVSS '+xmm(memory[2])+','+modrm(memory,prefix2,2,4,last);
tempresult:=copy(tempresult,1,length(tempresult)-1);
inc(offset,last-1);
end
else
begin
description:='Move Unaligned Four Packed Single-FP';
tempr