📄 disasm.cpp
字号:
// Disasm.cpp: implementation of the CDisasm class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "LeeDisasm.h"
#include "Disasm.h"
#include "LeeDisasmView.h"
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
char R8[8][3] = {"AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH"};
char R16[8][3] = {"AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"};
char R32[8][4] = {"EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"};
char MM[8][4] ={"MM0", "MM1", "MM2", "MM3", "MM4", "MM5", "MM6", "MM7"};
char Seg[6][4] = {"ES:", "CS:", "SS:", "DS:", "FS:", "GS:"};
int BinSearch(unsigned char* pArray, unsigned char cTarget, int iArraySize)
{
int iLow = 0;
int iHigh = iArraySize;
int iMid = 0;
unsigned char cTemp = 0;
while(iLow <= iHigh)
{
iMid = iLow + (iHigh-iLow)/2;
cTemp = *(pArray+iMid);
if(cTarget < cTemp)
iHigh = iMid-1;
else if(cTarget > cTemp)
iLow = iMid+1;
else
break;
}
if(iLow > iHigh)
return -1;
else
return iMid;
}
void ParseByte(unsigned char cModRM, unsigned char& cMod, unsigned char& cR, unsigned char& cRM)
{
cMod = 192;
cMod = (cModRM & cMod) >> 6;
cR = 56;
cR = (cModRM & cR) >> 3;
cRM = 7;
cRM = (cModRM & cRM);
}
int ParseIM8(char cTarget, char* szIM8)
{
char cTemp = cTarget;
int iNeg = 0;
cTemp = cTemp >> 7;
if(cTemp == 0)
{
iNeg = 0;
sprintf(szIM8, "%02XH", cTarget);
return iNeg;
}
if(cTarget == -128)
{
iNeg = 1;
sprintf(szIM8, "-80H");
return iNeg;
}
cTemp = cTarget;
cTemp = ~cTemp;
cTemp += 1;
iNeg = 1;
sprintf(szIM8, "-%02XH", cTemp);
return iNeg;
}
int ParseIM16(short shTarget, char* szIM16)
{
short shTemp = shTarget;
int iNeg = 0;
shTemp = shTemp >> 15;
if(shTemp == 0)
{
iNeg = 0;
sprintf(szIM16, "%04XH", shTarget);
return iNeg;
}
shTemp = shTarget;
shTemp = ~shTemp;
shTemp += 1;
iNeg = 1;
sprintf(szIM16, "-%04XH", shTemp);
return iNeg;
}
int ParseIM32(int iTarget, char* szIM32)
{
int iTemp = iTarget;
int iNeg = 0;
iTemp = iTemp >> 31;
if(iTemp == 0)
{
iNeg = 0;
sprintf(szIM32, "%04XH", iTarget);
return iNeg;
}
iTemp = iTarget;
iTemp = ~iTemp;
iTemp += 1;
iNeg = 1;
sprintf(szIM32, "-%08XH", iTemp);
return iNeg;
}
int Func_RM(char* const pData, int iCodeSize, int iOpcodeOffset, int iValPrefix, int iSegPrefix, int iRM8_16_32, int iR8_16_32, char* szR, char* szRM)
{
char* pCodeData = pData;
char strTemp[64];
char szIM8[10];
char szIM32[20];
unsigned char cModRM = 0, cMod = 0, cR = 0, cRM = 0;
unsigned char cSIB = 0, cScale = 0, cIndex = 0, cBase = 0;
char cOffset = 0;
DWORD dwOffset = 0;
int iOffset = 0;
cModRM = *(pCodeData+1+iOpcodeOffset);
ParseByte(cModRM, cMod, cR, cRM);
if(szR != NULL)
{
switch(iR8_16_32)
{
case 0:
if(iValPrefix)
strcpy(szR, R16[cR]);
else
strcpy(szR, R32[cR]);
break;
case 1:
strcpy(szR, R8[cR]);
break;
case 2:
strcpy(szR, R16[cR]);
break;
case 3:
strcpy(szR, R32[cR]);
break;
case 4:
if(cR < 6)
strcpy(szR, Seg[cR]);
else
strcpy(szR, "ErrSeg");
break;
default:
;
}
}
switch(cMod)
{
case 0:
if(cRM != 4 && cRM != 5)
{
sprintf(szRM, "[%s]", R32[cRM]);
iCodeSize += 1;
}
else
{
if(cRM == 4)
{
cSIB = *(pCodeData+2+iOpcodeOffset);
ParseByte(cSIB, cScale, cIndex, cBase);
sprintf(szRM, "[%s*%d+%s]", R32[cIndex], 1 << cScale, R32[cBase]);
iCodeSize += 2;
}
else
{
dwOffset = *(DWORD*)(pCodeData+2+iOpcodeOffset);
sprintf(szRM, "[%08XH]", dwOffset);
iCodeSize += 5;
}
}
break;
case 1:
if(cRM != 4)
{
cOffset = *(char*)(pCodeData+2+iOpcodeOffset);
ParseIM8(cOffset, szIM8);
if(cOffset < 0)
sprintf(szRM, "[%s%s]", R32[cRM], szIM8);
else
sprintf(szRM, "[%s+%s]", R32[cRM], szIM8);
iCodeSize += 2;
}
else
{
cSIB = *(pCodeData+2+iOpcodeOffset);
cOffset = *(pCodeData+3+iOpcodeOffset);
ParseIM8(cOffset, szIM8);
ParseByte(cSIB, cScale, cIndex, cBase);
if(cOffset < 0)
sprintf(szRM, "[%s*%d+%s%s]", R32[cIndex], 1 << cScale, R32[cBase], szIM8);
else
sprintf(szRM, "[%s*%d+%s+%s]", R32[cIndex], 1 << cScale, R32[cBase], szIM8);
iCodeSize += 3;
}
break;
case 2:
if(cRM != 4)
{
iOffset = *(int*)(pCodeData+2+iOpcodeOffset);
ParseIM32(iOffset, szIM32);
if(iOffset < 0)
sprintf(szRM, "[%s%s]", R32[cRM], szIM32);
else
sprintf(szRM, "[%s+%s]", R32[cRM], szIM32);
iCodeSize += 5;
}
else
{
cSIB = *(pCodeData+2+iOpcodeOffset);
iOffset = *(int*)(pCodeData+3+iOpcodeOffset);
ParseByte(cSIB, cScale, cIndex, cBase);
ParseIM32(iOffset, szIM32);
if(iOffset < 0)
sprintf(szRM, "[%s*%d+%s%s]", R32[cIndex], 1 << cScale, R32[cBase], szIM32);
else
sprintf(szRM, "[%s*%d+%s+%s]", R32[cIndex], 1 << cScale, R32[cBase], szIM32);
iCodeSize += 6;
}
break;
case 3:
switch(iRM8_16_32)
{
case 0:
if(iValPrefix)
strcpy(szRM, R16[cRM]);
else
strcpy(szRM, R32[cRM]);
break;
case 1:
strcpy(szRM, R8[cRM]);
break;
case 2:
strcpy(szRM, R16[cRM]);
break;
case 3:
strcpy(szRM, R32[cRM]);
break;
default:
;
}
iCodeSize += 1;
break;
default:
;
}
if(iSegPrefix > -1)
{
strcpy(strTemp, szRM);
sprintf(szRM, "%s%s", Seg[iSegPrefix], strTemp);
}
if(cMod != 3)
{
strcpy(strTemp, szRM);
switch(iRM8_16_32)
{
case 0:
if(iValPrefix)
sprintf(szRM, "word ptr %s", strTemp);
else
sprintf(szRM, "dword ptr %s", strTemp);
break;
case 1:
sprintf(szRM, "byte ptr %s", strTemp);
break;
case 2:
sprintf(szRM, "word ptr %s", strTemp);
break;
case 3:
sprintf(szRM, "dword ptr %s", strTemp);
break;
case 4:
sprintf(szRM, "qword ptr %s", strTemp);
break;
default:
;
}
}
return iCodeSize;
}
int Func_IM8(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = iOpcodeCnt;
int iOpcodeOffset = iOpcodeCnt -1;
unsigned char cIM = *(unsigned char*)(pCodeData+1+iOpcodeOffset);
sprintf(szAsmCode, "%02XH", cIM);
iCodeSize += 1;
return iCodeSize;
}
int Func_IM16_32(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = iOpcodeCnt;
int iOpcodeOffset = iOpcodeCnt -1;
WORD wOffset = 0;
DWORD dwOffset = 0;
if(iValPrefix)
{
wOffset = *(WORD*)(pCodeData+1+iOpcodeOffset);
sprintf(szAsmCode, "%04XH", wOffset);
iCodeSize += 2;
}
else
{
dwOffset = *(DWORD*)(pCodeData+1+iOpcodeOffset);
sprintf(szAsmCode, "%08XH", dwOffset);
iCodeSize += 4;
}
return iCodeSize;
}
int Func_AL_IM8(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = iOpcodeCnt;
char strR[4];
char strIM[16];
int iOpcodeOffset = iOpcodeCnt -1 ;
unsigned char cIM = *(unsigned char*)(pCodeData+1+iOpcodeOffset);
strcpy(strR, "AL");
iCodeSize += 1;
sprintf(strIM, "%02XH", cIM);
if(*pCodeData == 0xe6)
sprintf(szAsmCode, "%s, %s", strIM, strR);
else
sprintf(szAsmCode, "%s, %s", strR, strIM);
return iCodeSize;
}
int Func_AXE_IM8(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = iOpcodeCnt;
char strR[4];
char strIM[16];
int iOpcodeOffset = iOpcodeCnt -1 ;
unsigned char cIM = *(unsigned char*)(pCodeData+1+iOpcodeOffset);
if(iValPrefix)
strcpy(strR, "AX");
else
strcpy(strR, "EAX");
iCodeSize += 1;
sprintf(strIM, "%02XH", cIM);
if(*pCodeData == 0xe7)
sprintf(szAsmCode, "%s, %s", strIM, strR);
else
sprintf(szAsmCode, "%s, %s", strR, strIM);
return iCodeSize;
}
int Func_AXE_IM16_32(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = 1;
char strR[4];
char strIM[16];
WORD wOffset = 0;
DWORD dwOffset = 0;
int iOpcodeOffset = iOpcodeCnt -1;
if(iValPrefix)
strcpy(strR, "AX");
else
strcpy(strR, "EAX");
if(iAddrPrefix)
{
wOffset = *(WORD*)(pCodeData+1+iOpcodeOffset);
sprintf(strIM, "%04XH", wOffset);
iCodeSize = 3;
}
else
{
dwOffset = *(DWORD*)(pCodeData+1+iOpcodeOffset);
sprintf(strIM, "%08XH", dwOffset);
iCodeSize = 5;
}
sprintf(szAsmCode, "%s, %s", strR, strIM);
return iCodeSize;
}
int Func_RM16_32_IM16_32(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = iOpcodeCnt;
char strRM[64];
char strIM[16];
int iOpcodeOffset = iOpcodeCnt -1;
WORD wOffset = 0;
DWORD dwOffset = 0;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -