📄 disasm.cpp
字号:
ParseByte(cModRM, cMod, cR, cRM);
switch(cTarget)
{
case 0x80:
strcpy(szOpcode, sz808183Code[cR]);
iCodeSize = Func_RM8_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0x81:
strcpy(szOpcode, sz808183Code[cR]);
iCodeSize = Func_RM16_32_IM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0x83:
strcpy(szOpcode, sz808183Code[cR]);
iCodeSize = Func_RM16_32_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xc0:
strcpy(szOpcode, szC0C1D0D1D2D3[cR]);
iCodeSize = Func_RM8_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xc1:
strcpy(szOpcode, szC0C1D0D1D2D3[cR]);
iCodeSize = Func_RM16_32_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xd0:
strcpy(szOpcode, szC0C1D0D1D2D3[cR]);
iCodeSize = Func_RM8_1(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xd1:
strcpy(szOpcode, szC0C1D0D1D2D3[cR]);
iCodeSize = Func_RM16_32_1(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xd2:
strcpy(szOpcode, szC0C1D0D1D2D3[cR]);
iCodeSize = Func_RM8_CL(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xd3:
strcpy(szOpcode, szC0C1D0D1D2D3[cR]);
iCodeSize = Func_RM16_32_CL(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xd8:
strcpy(szOpcode, szD8DADCDE[cR]);
iCodeSize = Func_M32INT_FP(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xda:
strcpy(szOpcode, szD8DADCDE[cR]);
iCodeSize = Func_M32INT_FP(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xdc:
strcpy(szOpcode, szD8DADCDE[cR]);
iCodeSize = Func_M64INT_FP(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xde:
strcpy(szOpcode, szD8DADCDE[cR]);
iCodeSize = Func_M16INT_FP(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xf6:
strcpy(szOpcode, szF6F7[cR]);
if(cR == 0)
iCodeSize = Func_RM8_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
else
iCodeSize = Func_RM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xf7:
strcpy(szOpcode, szF6F7[cR]);
if(cR == 0)
iCodeSize = Func_RM16_32_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
else
iCodeSize = Func_RM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
break;
case 0xfe:
if(cR == 0)
{
strcpy(szOpcode, "INC");
iCodeSize = Func_RM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 1)
{
strcpy(szOpcode, "DEC");
iCodeSize = Func_RM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else
{
strcpy(szOpcode, "ERR");
iCodeSize = 1;
strcpy(szCode, "");
}
break;
case 0xff:
if(cR == 0)
{
strcpy(szOpcode, "INC");
iCodeSize = Func_RM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 1)
{
strcpy(szOpcode, "DEC");
iCodeSize = Func_RM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 2)
{
strcpy(szOpcode, "CALL");
iCodeSize = Func_RM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 3)
{
strcpy(szOpcode, "CALL");
iCodeSize = Func_M16_16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 4)
{
strcpy(szOpcode, "JMP");
iCodeSize = Func_RM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 5)
{
strcpy(szOpcode, "JMP");
iCodeSize = Func_M16_16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else if(cR == 6)
{
strcpy(szOpcode, "PUSH");
iCodeSize = Func_RM16_32(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
}
else
{
strcpy(szOpcode, "ERR");
strcpy(szCode, "");
iCodeSize = 2;
}
break;
default:
;
}
sprintf(szAsmcode, "%s %s", szOpcode, szCode);
return iCodeSize;
}
//解析0F开头的指令
int Func_Ext0FCode(char* const pData, DWORD dwAddr, int iOpcodeCnt, int iValPrefix, int iAddrPrefix, int iSegPrefix, char* szAsmCode)
{
char* pCodeData = pData;
int iCodeSize = iOpcodeCnt;
int iOpcodeOffset = iOpcodeCnt - 1;
iOpcodeCnt = 2;
iCodeSize = iOpcodeCnt;
char szCode[64];
//取第二个字节
unsigned char cTarget = *(pCodeData+1);
//先检索无操作数指令
int iResult = BinSearch(ImSecCode0FList, cTarget, 24);
if(iResult != -1)
{
strcpy(szAsmCode, szImSecCode0FList[iResult]);
iCodeSize = iOpcodeCnt;
return iCodeSize;
}
//再检索无扩展码指令
iResult = BinSearch(SimpleSecCode0FList, cTarget, 70);
if(iResult != -1)
{
iCodeSize = pSimpleSecCode0F[iResult](pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
sprintf(szAsmCode, "%s %s", szSimpleSecCode0FList[iResult], szCode);
return iCodeSize;
}
if(cTarget != 0xba)
return 2;
iCodeSize = Func_RM16_32_IM8(pData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szCode);
unsigned char cModRM = 0, cMod = 0, cR = 0, cRM = 0;
cModRM = *(pCodeData+2);
ParseByte(cModRM, cMod, cR, cRM);
switch(cR) {
case 4:
sprintf(szAsmCode, "BT, %s", szCode);
break;
case 5:
sprintf(szAsmCode, "BTS, %s", szCode);
break;
case 6:
sprintf(szAsmCode, "BTR, %s", szCode);
break;
case 7:
sprintf(szAsmCode, "BTC, %s", szCode);
break;
default:
return 0;
}
return iCodeSize;
}
void GetBinCode(char *const pData, char *szBinCode, int iCodeSize)
{
CString strTemp =_T("");
char szTemp[4];
unsigned char cTemp = 0;
for(int i = 0; i < iCodeSize; i ++)
{
cTemp = *(pData+i);
sprintf(szTemp, "%02X", cTemp);
strTemp += szTemp;
}
strcpy(szBinCode, strTemp.GetBuffer(0));
}
CDisasm::CDisasm()
{
m_pInstruction = NULL;
m_pView = NULL;
}
CDisasm::CDisasm(CLeeDisasmView* pView)
{
m_pInstruction = NULL;
m_pView = pView;
}
CDisasm::~CDisasm()
{
ReleaseLink();
}
void CDisasm::ReleaseLink()
{
if(m_pInstruction != NULL)
{
ASMINS* pTemp = m_pInstruction;
ASMINS* pNext = pTemp->pNext;
while(pTemp != NULL)
{
pNext = pTemp->pNext;
free(pTemp);
pTemp = pNext;
}
m_pInstruction = NULL;
}
}
void CDisasm::AddAsmCode(DWORD dwAddr, int iCodeSize, char *szBinCode, char *szAsmCode)
{
ASMINS* pLast = m_pInstruction;
ASMINS* pNew = NULL;
if(m_pInstruction == NULL)
{
m_pInstruction = (ASMINS*)malloc(sizeof(ASMINS));
m_pInstruction->dwAddr = dwAddr;
m_pInstruction->iSize = iCodeSize;
strcpy(m_pInstruction->szAsmCode, szAsmCode);
memcpy(m_pInstruction->szBinCode, szBinCode, iCodeSize);
m_pInstruction->pNext = NULL;
return;
}
while(pLast->pNext != NULL)
{
pLast = pLast->pNext;
}
pNew = (ASMINS*)malloc(sizeof(ASMINS));
pNew->dwAddr = dwAddr;
pNew->iSize = iCodeSize;
if(szAsmCode != NULL)
strcpy(pNew->szAsmCode, szAsmCode);
else
strcpy(pNew->szAsmCode, "");
memcpy(pNew->szBinCode, szBinCode, iCodeSize);
pNew->pNext = NULL;
pLast->pNext = pNew;
if(m_pView != NULL)
{
CListCtrl& thelist = m_pView->GetListCtrl();
int iItem = thelist.GetItemCount();
char szAddr[20];
LVITEM lvi;
lvi.mask = LVIF_TEXT;
lvi.iItem = iItem;
lvi.iSubItem = 0;
sprintf(szAddr, "%08X:", dwAddr);
lvi.pszText = szAddr;
thelist.InsertItem(&lvi);
thelist.SetItemText(iItem, 1, szBinCode);
thelist.SetItemText(iItem, 2, szAsmCode);
}
}
void CDisasm::DisAsmCode(char *pCode, DWORD dwAddr, DWORD dwSize)
{
DWORD id = 0;
DISPARAM* Pparam = (DISPARAM*)malloc(sizeof(DISPARAM));
Pparam->pCode = pCode;
Pparam->dwAddr = dwAddr;
Pparam->dwSize = dwSize;
Pparam->pDisasm = this;
HANDLE h = CreateThread(NULL, 0, ThreadDisasm, Pparam, 0, &id);
CloseHandle(h);
}
DWORD WINAPI CDisasm::ThreadDisasm(LPVOID lpParam)
{
DISPARAM* pParam = (DISPARAM*)lpParam;
char* pCodeData = pParam->pCode;
DWORD dwAddr = pParam->dwAddr;
DWORD dwSize = pParam->dwSize;
CDisasm* pDisasm = pParam->pDisasm;
DWORD dwOffset = 0;
char szBinCode[40];
char szRearCode[64];
char szAsmCode[64];
unsigned char cHead = *(pCodeData);
int iResult = 0;
int iCodeSize = 1;
int iOpcodeCnt = 1;
int iValPrefix = 0;
int iAddrPrefix = 0;
int iSegPrefix = -1;
int iAddrOffset = 0;
while(dwOffset < dwSize)
{
iCodeSize = 1;
iAddrOffset = 0;
iOpcodeCnt = 1;
iValPrefix = 0;
iAddrPrefix = 0;
iSegPrefix = -1;
cHead = *(pCodeData);
iResult = BinSearch(ErrCodeSet, cHead, 3);
if(iResult != -1)
{
GetBinCode(pCodeData, szBinCode, iCodeSize);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, NULL);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
continue;
}
while((iResult = BinSearch(CodePrefix, cHead, 8)) != -1)
{
if(iResult < 6)
iSegPrefix = iResult;
else
{
if(iResult = 6)
iValPrefix = 1;
else
iAddrPrefix = 1;
}
dwAddr ++;
dwOffset ++;
pCodeData ++;
cHead = *(pCodeData);
}
if(iValPrefix)
iAddrOffset++;
if(iAddrPrefix)
iAddrOffset++;
if(iSegPrefix!= -1)
iAddrOffset++;
if(cHead == 0xd4 || cHead == 0xd5)
{
iCodeSize = Func_D4D5(pCodeData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szAsmCode);
GetBinCode(pCodeData-iAddrOffset, szBinCode, iCodeSize+iAddrOffset);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, szAsmCode);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
continue;
}
iResult = BinSearch(ImOneCodeList, cHead, 93);
if(iResult != -1)
{
GetBinCode(pCodeData-iAddrOffset, szBinCode, iCodeSize+iAddrOffset);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, szImOneCodeList[iResult]);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
continue;
}
iResult = BinSearch(SimpleCodeList, cHead, 125);
if(iResult != -1)
{
iCodeSize = pSimpleCodeFunc[iResult](pCodeData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szRearCode);
sprintf(szAsmCode, "%s %s", szSimpleCode[iResult], szRearCode);
GetBinCode(pCodeData-iAddrOffset, szBinCode, iCodeSize+iAddrOffset);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, szAsmCode);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
continue;
}
iResult = BinSearch(ExtOneCodeList, cHead, 17);
if(iResult != -1)
{
iCodeSize = Func_ExtSimpCode(pCodeData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szAsmCode);
GetBinCode(pCodeData-iAddrOffset, szBinCode, iCodeSize+iAddrOffset);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, szAsmCode);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
continue;
}
if(cHead == 0x0f)
{
iCodeSize = Func_Ext0FCode(pCodeData, dwAddr, iOpcodeCnt, iValPrefix, iAddrPrefix, iSegPrefix, szAsmCode);
GetBinCode(pCodeData-iAddrOffset, szBinCode, iCodeSize+iAddrOffset);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, szAsmCode);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
continue;
}
GetBinCode(pCodeData-iAddrOffset, szBinCode, iCodeSize+iAddrOffset);
pDisasm->AddAsmCode(dwAddr-iAddrOffset, iCodeSize+iAddrOffset, szBinCode, NULL);
dwOffset += iCodeSize;
dwAddr += iCodeSize;
pCodeData += iCodeSize;
}
free(pParam);
pParam = NULL;
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -