char *pchr2;
unsigned char ModRM;
unsigned char ucPrefix;
unsigned char ucTemp;
CopyMemory(pIA32Decode->SIA32RawInstruction.URawOpcode.ca2ByteRawOpcode,pStart,2);
pIA32Decode->SIA32InstructionHelper.cbRawOpcode = 2;
iRow = pStart[1] >> 4;
iCol = pStart[1] & 0x0F;
if(_2ByteOpcode[iRow][iCol][0].strOpcode == N)
return 1;
for(i = 0; i < 5; i++)
{
pInstructionTemplate = &_2ByteOpcode[iRow][iCol][i];
if(pInstructionTemplate->strOpcode == N)
return 1;
if(!strnicmp(pInstructionTemplate->strOpcode,"__G",strlen("__G")))
{
ModRM = pStart[pIA32Decode->SIA32InstructionHelper.cbRawPrefixes + 2];
pIA32Decode->SIA32RawInstruction.ModRM = ModRM;
pIA32Decode->SIA32InstructionHelper.boolModRMExists = 1;
pchr1 = pInstructionTemplate->strOpcode + strlen("__G");
ucTemp = (unsigned char)strtoul(pchr1,&pchr2,10);
if((ucTemp == 0) || (*pchr2 != 0))
return 0;
if((ModRM & 0xC0) == 0xC0)
FetchInstructionFromOpcodeExtensionsTable(ucTemp,pStart,_11OpcodeExtensions,pIA32Decode);
else
FetchInstructionFromOpcodeExtensionsTable(ucTemp,pStart,MemOpcodeExtensions,pIA32Decode);
FetchOperandDescriptors(pInstructionTemplate,pIA32Decode);
return 1;
};
if(strchr(pInstructionTemplate->strOpcode,'('))
{
pchr1 = strchr(pInstructionTemplate->strOpcode,'(') + 1;
ucPrefix = (unsigned char)strtoul(pchr1,&pchr2,0x10);
if((*pchr2 != ')') || (ucPrefix == 0))
return 0;
if(!IA32InstructionPrefixExists(ucPrefix,pIA32Decode))
return 1;
strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode,pInstructionTemplate->strOpcode);
pchr1 = strchr(pIA32Decode->SIA32InstructionDescription.strOpcode,'(');
*pchr1 = 0;
FetchOperandDescriptors(pInstructionTemplate,pIA32Decode);
return 1;
};
if(strstr(pInstructionTemplate->strOpcode,"[M]")||strstr(pInstructionTemplate->strOpcode,"[R]"))
{
pIA32Decode->SIA32InstructionHelper.boolModRMExists = 1;
ModRM = pStart[pIA32Decode->SIA32InstructionHelper.cbRawPrefixes + 2];
pIA32Decode->SIA32RawInstruction.ModRM = ModRM;
if(strstr(pInstructionTemplate->strOpcode,"[R]"))
if((ModRM & 0xC0) != 0xC0)
return 1;
if(strstr(pInstructionTemplate->strOpcode,"[M]"))
if((ModRM & 0xC0) == 0xC0)
return 1;
strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode,pInstructionTemplate->strOpcode);
pchr1 = strchr(pIA32Decode->SIA32InstructionDescription.strOpcode,'[');
*pchr1 = 0;
FetchOperandDescriptors(pInstructionTemplate,pIA32Decode);
return 1;
};
strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode,pInstructionTemplate->strOpcode);
FetchOperandDescriptors(pInstructionTemplate,pIA32Decode);
};
return 1;
};
/*
 * Total encoded length, in bytes, of the instruction currently described by
 * pIA32Decode.  Nothing is re-derived from the raw bytes: the helper's byte
 * counts are summed, and the two bool* flags contribute one byte each when
 * set (the decoder stores 1 in them when the ModRM/SIB byte is present).
 */
int GetInstructionLength(IA32InstructionDecode *pIA32Decode)
{
    int cbTotal = 0;

    cbTotal += pIA32Decode->SIA32InstructionHelper.cbRawPrefixes;
    cbTotal += pIA32Decode->SIA32InstructionHelper.cbRawOpcode;
    cbTotal += pIA32Decode->SIA32InstructionHelper.boolModRMExists;   /* 0 or 1 */
    cbTotal += pIA32Decode->SIA32InstructionHelper.boolSIBExists;     /* 0 or 1 */
    cbTotal += pIA32Decode->SIA32InstructionHelper.cbRawDisplacement;
    cbTotal += pIA32Decode->SIA32InstructionHelper.cbRawImmediate;
    return cbTotal;
}
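/*
 * Resolve a "group" opcode, i.e. one whose mnemonic is selected by the
 * ModRM.reg field (written "__G<n>" in the 1-/2-byte opcode tables).
 *
 * ucEntry           1-based group number; selects the row of OpcodeExtensions.
 * pStart            first byte of the instruction, prefixes included.
 * OpcodeExtensions  table indexed [group-1][ModRM.reg][candidate]; the
 *                   candidate list ends at the first entry whose strOpcode
 *                   is N.
 * pIA32Decode       decode state.  ModRM / boolModRMExists are filled in if
 *                   the caller has not done so yet; strOpcode is overwritten
 *                   with the matched mnemonic.
 *
 * Returns 1 when the lookup finished (including "no candidate matched", which
 * leaves strOpcode as the caller initialised it) and 0 when ucEntry is
 * outside the table or a table entry is malformed.  The return value is
 * ignored by the callers visible in this file.
 */
int FetchInstructionFromOpcodeExtensionsTable(unsigned const char ucEntry,const unsigned char* pStart,InstructionTemplate OpcodeExtensions[0x10][0x8][0x3],IA32InstructionDecode *pIA32Decode)
{
    unsigned char ModRM;
    int i, iCol;
    const int iRow = ucEntry - 1;
    InstructionTemplate *pInstructionTemplate;
    char *pchr1;
    char *pchr2;
    unsigned char ucPrefix;
    unsigned char ucTemp;

    /* Group 0 would index row -1 and the table has 0x10 rows; reject both
     * rather than read outside OpcodeExtensions. */
    if (iRow < 0 || iRow >= 0x10)
        return 0;

    /* The caller normally records the ModRM byte before getting here; if it
     * did not, fetch it now.  0x0F is the two-byte escape, so ModRM sits one
     * byte further on in that case. */
    if (!pIA32Decode->SIA32InstructionHelper.boolModRMExists)
    {
        pIA32Decode->SIA32InstructionHelper.boolModRMExists = 1;
        if (pStart[pIA32Decode->SIA32InstructionHelper.cbRawPrefixes] == 0x0F)
            pIA32Decode->SIA32RawInstruction.ModRM = pStart[pIA32Decode->SIA32InstructionHelper.cbRawPrefixes + 2];
        else
            pIA32Decode->SIA32RawInstruction.ModRM = pStart[pIA32Decode->SIA32InstructionHelper.cbRawPrefixes + 1];
    }
    ModRM = pIA32Decode->SIA32RawInstruction.ModRM;
    iCol = (ModRM & 0x38) >> 3;   /* ModRM.reg */

    pInstructionTemplate = &OpcodeExtensions[iRow][iCol][0];
    if (pInstructionTemplate->strOpcode == N)
        return 1;

    for (i = 0; i < 3; i++)
    {
        pInstructionTemplate = &OpcodeExtensions[iRow][iCol][i];
        if (pInstructionTemplate->strOpcode == N)
            return 1;

        /* "name|n|" candidates. */
        if (strchr(pInstructionTemplate->strOpcode, '|'))
        {
            pchr1 = strchr(pInstructionTemplate->strOpcode, '|') + 1;
            ucTemp = (unsigned char)strtoul(pchr1, &pchr2, 10);
            if (*pchr2 != '|')
                return 0;
            /* NOTE(review): this condition only tests ucTemp < 8; it never
             * consults ModRM.rm, which is what a "|n|" qualifier looks like it
             * should be matched against.  Left unchanged - confirm against the
             * table contents before altering it. */
            if ((ucTemp & 0x07) == ucTemp)
            {
                strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode, pInstructionTemplate->strOpcode);
                /* Cut the "|n|" qualifier off the COPY.  The previous code
                 * wrote the NUL into the shared table entry instead, which
                 * corrupted the template for every later decode (and faults
                 * outright if the table strings live in read-only memory). */
                pchr1 = strchr(pIA32Decode->SIA32InstructionDescription.strOpcode, '|');
                *pchr1 = 0;
                FetchOperandDescriptors(pInstructionTemplate, pIA32Decode);
                return 1;
            }
        }

        /* "name(xx)" candidates: only valid when prefix byte 0xXX is present. */
        if (strchr(pInstructionTemplate->strOpcode, '('))
        {
            pchr1 = strchr(pInstructionTemplate->strOpcode, '(') + 1;
            ucPrefix = (unsigned char)strtoul(pchr1, &pchr2, 0x10);
            if ((*pchr2 != ')') || (ucPrefix == 0))
                return 0;
            /* NOTE(review): a missing prefix ends the scan here instead of
             * moving on to the next candidate, so a later "(yy)" entry in the
             * same slot is never examined.  This is fine only if the table
             * lists at most one prefixed form per slot - confirm. */
            if (!IA32InstructionPrefixExists(ucPrefix, pIA32Decode))
                return 1;
            strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode, pInstructionTemplate->strOpcode);
            pchr1 = strchr(pIA32Decode->SIA32InstructionDescription.strOpcode, '(');
            *pchr1 = 0;   /* drop the "(xx)" suffix from the copy */
            FetchOperandDescriptors(pInstructionTemplate, pIA32Decode);
            return 1;
        }

        /* Plain candidate: record it, but keep scanning so that a later
         * prefixed candidate can override it. */
        strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode, pInstructionTemplate->strOpcode);
        FetchOperandDescriptors(pInstructionTemplate, pIA32Decode);
    }
    return 1;
}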
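/*
 * Decode the prefix and opcode bytes of the instruction at pStart.
 *
 * pLoadAddress  address the instruction is loaded at; only advanced past the
 *               prefixes here, otherwise unused by this function.
 * pStart        raw instruction bytes, prefixes first.
 * pIA32Decode   decode state.  strOpcode, the raw opcode bytes and
 *               cbRawOpcode are reset here and then filled by the table
 *               lookups.
 * DSize         default operand size of the code segment; together with a
 *               0x66 prefix it selects one side of an "op16/op32" template
 *               name (the 16-bit mnemonic is left of the '/').
 *
 * Returns the result of the 1-/2-byte table lookup, or 1 without decoding
 * when the byte after the prefixes is itself still a prefix (strOpcode is
 * then left as "???").
 */
int FetchOpcode(const char * pLoadAddress, const unsigned char* pStart, IA32InstructionDecode *pIA32Decode, DefaultOperationSizeAttrib DSize)
{
    int iRet;
    int bEffective16;
    char *pSlash;
    char strTemp[64];

    strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode, "???");
    ZeroMemory(pIA32Decode->SIA32RawInstruction.URawOpcode.ca2ByteRawOpcode, sizeof(pIA32Decode->SIA32RawInstruction.URawOpcode.ca2ByteRawOpcode));
    pIA32Decode->SIA32InstructionHelper.cbRawOpcode = 0;

    iRet = FetchPrefixes(pStart, pIA32Decode);
    pStart += iRet;
    pLoadAddress += iRet;

    /* FetchPrefixes stopped on a byte that is still a prefix (presumably it
     * caps how many it consumes); nothing sensible can be decoded. */
    if (IsIA32InstructionPrefix(pStart[0]))
        return 1;

    /* 0x0F is the two-byte opcode escape. */
    if (pStart[0] == 0x0F)
        iRet = FetchInstructionFrom2ByteOpcodeTable(pStart, pIA32Decode);
    else
        iRet = FetchInstructionFrom1ByteOpcodeTable(pStart, pIA32Decode);

    /* Templates spelt "a/b" carry the 16-bit mnemonic left of the '/' and the
     * 32-bit one right of it; keep the side matching the effective operand
     * size, which is the segment default flipped by a 0x66 prefix. */
    if (strchr(pIA32Decode->SIA32InstructionDescription.strOpcode, '/'))
    {
        /* Bound the scratch copy; the old unchecked strcpy could overrun
         * strTemp for a long template name.  If it does not fit, keep the
         * undivided name rather than write past the buffer. */
        if (strlen(pIA32Decode->SIA32InstructionDescription.strOpcode) >= sizeof strTemp)
            return iRet;
        strcpy(strTemp, pIA32Decode->SIA32InstructionDescription.strOpcode);
        pSlash = strchr(strTemp, '/');

        ZeroMemory(pIA32Decode->SIA32InstructionDescription.strOpcode, sizeof(pIA32Decode->SIA32InstructionDescription.strOpcode));
        bEffective16 = (DSize == OpSize16) != (IA32InstructionPrefixExists(0x66, pIA32Decode) != 0);
        if (bEffective16)
        {
            /* left of the '/'; the buffer was just zeroed so the copy is
             * NUL-terminated without an explicit terminator */
            memcpy(pIA32Decode->SIA32InstructionDescription.strOpcode, strTemp, (size_t)(pSlash - strTemp));
        }
        else
        {
            /* right of the '/' - never longer than the original, so it fits */
            strcpy(pIA32Decode->SIA32InstructionDescription.strOpcode, pSlash + 1);
        }
    }
    return iRet;
}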
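/*
 * Return 1 when no character of str is classified lower-case by islower()
 * (so "" and "A1-Z" both count as upper), else 0.  str must be a
 * NUL-terminated string.
 */
int isupperstr(const char *str)
{
    for (; *str != '\0'; str++)
    {
        /* <ctype.h> functions take an int in unsigned-char range; a plain
         * char can be negative for bytes >= 0x80, which is undefined
         * behaviour, so cast first. */
        if (islower((unsigned char)*str))
            return 0;
    }
    return 1;
}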
/*
 * Write the MMX register selected by ModRM.rm ("mm0".."mm7") to strout.
 * Returns 0 and leaves strout untouched unless ModRM.mod is 11b, i.e. the
 * operand is a register rather than memory.  strout needs room for 4 bytes.
 */
int DecodeMMXRegisterRM(const unsigned char ModRM, char* strout)
{
    const unsigned char ucMod = ModRM & 0xC0;
    const int iReg = ModRM & 0x07;

    if (ucMod != 0xC0)
        return 0;
    sprintf(strout, "mm%d", iReg);
    return 1;
}
/*
 * Write the MMX register selected by ModRM.reg ("mm0".."mm7") to strout.
 * Always succeeds (returns 1): the reg field is a register regardless of mod.
 */
int DecodeMMXRegisterReg(const unsigned char ModRM, char* strout)
{
    /* Move reg down into the rm position and force mod = 11b so the rm
     * decoder accepts it; it only looks at the low three bits for the name. */
    const unsigned char ucAsRM = (unsigned char)(0xC0 | (ModRM >> 3));

    return DecodeMMXRegisterRM(ucAsRM, strout);
}
/*
 * XMM register named by ModRM.rm.  Returns 0 (strout untouched) unless
 * ModRM.mod is 11b.
 *
 * NOTE(review): this writes the same "mm<n>" text as the MMX decoder; if the
 * output is meant to read "xmm<n>" the caller has to supply the leading 'x'
 * itself (the call sites are not in this part of the file - confirm).
 */
int DecodeXMMRegisterRM(const unsigned char ModRM, char* strout)
{
    if ((ModRM & 0xC0) != 0xC0)
        return 0;
    return DecodeMMXRegisterRM(ModRM, strout);
}
/*
 * XMM register named by ModRM.reg; always succeeds (returns 1).
 *
 * NOTE(review): like DecodeXMMRegisterRM this produces "mm<n>", not "xmm<n>";
 * check whether the caller prepends the 'x'.
 */
int DecodeXMMRegisterReg(const unsigned char ModRM, char* strout)
{
    const int iRet = DecodeMMXRegisterReg(ModRM, strout);

    return iRet;
}
/*
 * Write the segment register selected by ModRM.reg to strout: es, cs, ss,
 * ds, fs, gs for reg = 0..5, "??" for the two unassigned encodings.  Always
 * returns 1.  strout needs room for 3 bytes.
 */
int DecodeSegmentRegisterReg(const unsigned char ModRM, char* strout)
{
    static const char *const aSregNames[] = { "es", "cs", "ss", "ds", "fs", "gs" };
    const unsigned int uiReg = (ModRM & 0x38) >> 3;   /* 0..7 */

    if (uiReg < sizeof aSregNames / sizeof aSregNames[0])
        strcpy(strout, aSregNames[uiReg]);
    else
        strcpy(strout, "??");   /* reg = 6 and 7 name no segment register */
    return 1;
}
/*
 * Write the general-purpose register selected by ModRM.reg to strout, for an
 * operand size of 1, 2 or 4 bytes.  Returns what DecodeGPRegisterRM returns
 * (0 for an unsupported size).
 *
 * NOTE(review): size is a signed int here but DecodeGPRegisterRM takes an
 * unsigned int; a negative size converts to a huge value and is rejected
 * there, which is harmless but worth knowing.
 */
int DecodeGPRegisterReg(const int size, const unsigned char ModRM, char* strout)
{
    /* Reuse the rm decoder: shift reg into the rm position and set mod=11b. */
    const unsigned char ucAsRM = (unsigned char)(0xC0 | (ModRM >> 3));

    return DecodeGPRegisterRM(size, ucAsRM, strout);
}
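/*
 * Write the general-purpose register selected by ModRM.rm to strout.
 *
 * size   operand size in bytes: 1 (al..bh), 2 (ax..di) or 4 (eax..edi).
 * ModRM  the ModRM byte; only honoured when mod is 11b (register form).
 * strout receives the name; needs room for 4 bytes.
 *
 * Returns 1 on success, 0 (strout untouched) when the operand is a memory
 * reference or size is not one of 1/2/4.
 *
 * Rewritten from nested switches: the outer switch had no default and relied
 * on every inner case returning to avoid falling into the next size, which is
 * fragile; the tables below make the mapping explicit.
 */
int DecodeGPRegisterRM(const unsigned int size, const unsigned char ModRM, char* strout)
{
    static const char *const aNames8[8]  = { "al", "cl", "dl", "bl", "ah", "ch", "dh", "bh" };
    static const char *const aNames16[8] = { "ax", "cx", "dx", "bx", "sp", "bp", "si", "di" };
    const unsigned int uiRM = ModRM & 0x07;

    if ((ModRM & 0xC0) != 0xC0)
        return 0;

    switch (size)
    {
    case 1:
        strcpy(strout, aNames8[uiRM]);
        return 1;
    case 2:
        strcpy(strout, aNames16[uiRM]);
        return 1;
    case 4:
        /* 32-bit names are the 16-bit ones with an 'e' in front. */
        strout[0] = 'e';
        strcpy(strout + 1, aNames16[uiRM]);
        return 1;
    default:
        return 0;
    }
}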
/*
 * Produce the "<size> ptr" qualifier for a memory operand.
 *
 * strOpType    operand-type string; the first character is the addressing
 *              method letter and is skipped, the remainder is passed to
 *              GetOperandTypeSize().
 * strOut       receives "byte ptr", "word ptr", "dword ptr", "fword ptr",
 *              "qword ptr" or "" for any other size.  Left untouched when
 *              strOpType is empty, so the caller must initialise it.
 * DSize        default operand size of the segment.
 * pIA32Decode  used only to look for a 0x66 operand-size prefix.
 *
 * GetOperandTypeSize() signals an operand-size-dependent type by setting the
 * top byte of its result; byte 0 then holds the size for a 16-bit effective
 * operand size and byte 1 the size for 32-bit.
 */
void GetMemoryOperandSizeStr(const char*strOpType, char *strOut,DefaultOperationSizeAttrib DSize, IA32InstructionDecode *pIA32Decode)
{
    static const char *const aSizeStr[9] = {
        "", "byte ptr", "word ptr", "", "dword ptr", "", "fword ptr", "", "qword ptr"
    };
    unsigned int uiSize;
    int bEffective16;

    if (strOpType[0] == '\0')
        return;

    uiSize = GetOperandTypeSize(strOpType + 1);
    if (uiSize & 0xFF000000)
    {
        /* The effective size is the segment default flipped by a 0x66 prefix. */
        bEffective16 = (DSize == OpSize16) != (IA32InstructionPrefixExists(0x66, pIA32Decode) != 0);
        uiSize = bEffective16 ? (uiSize & 0x000000FF) : ((uiSize >> 8) & 0x000000FF);
    }

    strcpy(strOut, uiSize <= 8 ? aSizeStr[uiSize] : "");
}
int DecodeSingleRegisterOperand(DefaultOperationSizeAttrib DSize, int iOpIndex, IA32InstructionDecode *pIA32Decode)
{
char cAddressingMethod;
char *strOperandType;
char strOperandTemplate[16];
char *strOutput;
unsigned char ModRM;
unsigned int uiTemp = 0;
if(!pIA32Decode->SIA32InstructionHelper.boolModRMExists)
return 0;
ModRM = pIA32Decode->SIA32RawInstruction.ModRM;
if(!GetOutputBuffer(iOpIndex,&strOutput,pIA32Decode))
return 0;