📄 parse86.c
字号:
// parse86
// Copyright Ric Vieler, 2006
// disassembler for getx86Instruction
#if _WIN32_WINNT >= 0x0500
# define NDIS50 1
#else
# define NDIS40 1
#endif
#define BINARY_COMPATIBLE 0
#ifdef __cplusplus
extern "C" {
#endif
#include <ndis.h>
#include <ntddk.h>
#include "ghost.h"
#include "injectManager.h"
#ifdef __cplusplus
}
#endif
#include "parse86.h"
#pragma code_seg("PAGE")
#pragma optimize( "", off )
// for X86INSTRUCTION struct
#pragma pack(1)
typedef struct _X86_16BIT_INSTRUCTION
{
BOOL operandIs16;
BOOL addressIs16;
PBYTE* jumpAddress;
LONG* extra;
} X86_16BIT_INSTRUCTION;
// forward declaration for XFER_FUNCTION
struct _X86INSTRUCTION;
typedef struct _X86INSTRUCTION* PX86INSTRUCTION;
typedef PBYTE (*XFER_FUNCTION)(X86_16BIT_INSTRUCTION* op16Ptr, PX86INSTRUCTION opPtr, PBYTE destination, PBYTE source);
typedef struct _X86INSTRUCTION
{
ULONG opcode : 8;
ULONG size : 3;
ULONG size16 : 3;
ULONG modeOffset : 3;
LONG relOffset : 3;
ULONG flagMask : 4;
XFER_FUNCTION pXferFunction;
} X86INSTRUCTION;
// flags for flagMask
enum
{
DYNAMIC_FLAG = 0x1u,
ADDRESS_FLAG = 0x2u,
NOENLARGE_FLAG = 0x4u,
SIB_FLAG = 0x10u,
NOTSIB_FLAG = 0x0fu,
};
#pragma pack()
BYTE regMemMode[256] =
{
0,0,0,0,0x11,4,0,0,0,0,0,0,0x11,4,0,0, // 00 - 0f
0,0,0,0,0x11,4,0,0,0,0,0,0,0x11,4,0,0, // 10 - 1f
0,0,0,0,0x11,4,0,0,0,0,0,0,0x11,4,0,0, // 20 - 2f
0,0,0,0,0x11,4,0,0,0,0,0,0,0x11,4,0,0, // 30 - 3f
1,1,1,1,2,1,1,1,1,1,1,1,2,1,1,1, // 40 - 4f
1,1,1,1,2,1,1,1,1,1,1,1,2,1,1,1, // 50 - 5f
1,1,1,1,2,1,1,1,1,1,1,1,2,1,1,1, // 60 - 6f
1,1,1,1,2,1,1,1,1,1,1,1,2,1,1,1, // 70 - 7f
4,4,4,4,5,4,4,4,4,4,4,4,5,4,4,4, // 80 - 8f
4,4,4,4,5,4,4,4,4,4,4,4,5,4,4,4, // 90 - 9f
4,4,4,4,5,4,4,4,4,4,4,4,5,4,4,4, // a0 - af
4,4,4,4,5,4,4,4,4,4,4,4,5,4,4,4, // b0 - bf
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // c0 - cf
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // d0 - df
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // e0 - ef
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 // f0 - ff
};
// prototypes for X86INSTRUCTION
PBYTE transferData( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferDataPrefix( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE adjustData( X86_16BIT_INSTRUCTION* op16Ptr, PBYTE destination, PBYTE source, LONG bytes, LONG targetOffset );
PBYTE noTransferOp( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferOp0F( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferOp66( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferOp67( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferOpF6( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferOpF7( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
PBYTE transferOpFF( X86_16BIT_INSTRUCTION* op16Ptr, X86INSTRUCTION* opPtr, PBYTE destination, PBYTE source );
// follows opcode in X86INSTRUCTION
#define transfer1 1, 1, 0, 0, 0, transferData
#define transfer1Dynamic 1, 1, 0, 0, DYNAMIC_FLAG, transferData
#define transfer2 2, 2, 0, 0, 0, transferData
#define transfer2Jump 2, 2, 0, 1, 0, transferData
#define transfer2NoJump 2, 2, 0, 1, NOENLARGE_FLAG, transferData
#define transfer2Dynamic 2, 2, 0, 0, DYNAMIC_FLAG, transferData
#define transfer3 3, 3, 0, 0, 0, transferData
#define transfer3Dynamic 3, 3, 0, 0, DYNAMIC_FLAG, transferData
#define transfer3Or5 5, 3, 0, 0, 0, transferData
#define transfer3Or5Target 5, 3, 0, 1, 0, transferData
#define transfer5Or7Dynamic 7, 5, 0, 0, DYNAMIC_FLAG, transferData
#define transfer3Or5Address 5, 3, 0, 0, ADDRESS_FLAG, transferData
#define transfer4 4, 4, 0, 0, 0, transferData
#define transfer5 5, 5, 0, 0, 0, transferData
#define transfer7 7, 7, 0, 0, 0, transferData
#define transfer2Mod 2, 2, 1, 0, 0, transferData
#define transfer2Mod1 3, 3, 1, 0, 0, transferData
#define transfer2ModOperand 6, 4, 1, 0, 0, transferData
#define transfer3Mod 3, 3, 2, 0, 0, transferData
#define transferPrefix 1, 1, 0, 0, 0, transferDataPrefix
#define transfer0F 1, 1, 0, 0, 0, transferOp0F
#define transfer66 1, 1, 0, 0, 0, transferOp66
#define transfer67 1, 1, 0, 0, 0, transferOp67
#define transferF6 0, 0, 0, 0, 0, transferOpF6
#define transferF7 0, 0, 0, 0, 0, transferOpF7
#define transferFF 0, 0, 0, 0, 0, transferOpFF
#define noTransfer 1, 1, 0, 0, 0, noTransferOp
#define lastEntry 0, 0, 0, 0, 0, NULL
// intel op codes and disassembly parameters
X86INSTRUCTION instructionMap[257] =
{
{ 0x00, transfer2Mod },
{ 0x01, transfer2Mod },
{ 0x02, transfer2Mod },
{ 0x03, transfer2Mod },
{ 0x04, transfer2 },
{ 0x05, transfer3Or5 },
{ 0x06, transfer1 },
{ 0x07, transfer1 },
{ 0x08, transfer2Mod },
{ 0x09, transfer2Mod },
{ 0x0A, transfer2Mod },
{ 0x0B, transfer2Mod },
{ 0x0C, transfer2 },
{ 0x0D, transfer3Or5 },
{ 0x0E, transfer1 },
{ 0x0F, transfer0F },
{ 0x10, transfer2Mod },
{ 0x11, transfer2Mod },
{ 0x12, transfer2Mod },
{ 0x13, transfer2Mod },
{ 0x14, transfer2 },
{ 0x15, transfer3Or5 },
{ 0x16, transfer1 },
{ 0x17, transfer1 },
{ 0x18, transfer2Mod },
{ 0x19, transfer2Mod },
{ 0x1A, transfer2Mod },
{ 0x1B, transfer2Mod },
{ 0x1C, transfer2 },
{ 0x1D, transfer3Or5 },
{ 0x1E, transfer1 },
{ 0x1F, transfer1 },
{ 0x20, transfer2Mod },
{ 0x21, transfer2Mod },
{ 0x22, transfer2Mod },
{ 0x23, transfer2Mod },
{ 0x24, transfer2 },
{ 0x25, transfer3Or5 },
{ 0x26, transferPrefix },
{ 0x27, transfer1 },
{ 0x28, transfer2Mod },
{ 0x29, transfer2Mod },
{ 0x2A, transfer2Mod },
{ 0x2B, transfer2Mod },
{ 0x2C, transfer2 },
{ 0x2D, transfer3Or5 },
{ 0x2E, transferPrefix },
{ 0x2F, transfer1 },
{ 0x30, transfer2Mod },
{ 0x31, transfer2Mod },
{ 0x32, transfer2Mod },
{ 0x33, transfer2Mod },
{ 0x34, transfer2 },
{ 0x35, transfer3Or5 },
{ 0x36, transferPrefix },
{ 0x37, transfer1 },
{ 0x38, transfer2Mod },
{ 0x39, transfer2Mod },
{ 0x3A, transfer2Mod },
{ 0x3B, transfer2Mod },
{ 0x3C, transfer2 },
{ 0x3D, transfer3Or5 },
{ 0x3E, transferPrefix },
{ 0x3F, transfer1 },
{ 0x40, transfer1 },
{ 0x41, transfer1 },
{ 0x42, transfer1 },
{ 0x43, transfer1 },
{ 0x44, transfer1 },
{ 0x45, transfer1 },
{ 0x46, transfer1 },
{ 0x47, transfer1 },
{ 0x48, transfer1 },
{ 0x49, transfer1 },
{ 0x4A, transfer1 },
{ 0x4B, transfer1 },
{ 0x4C, transfer1 },
{ 0x4D, transfer1 },
{ 0x4E, transfer1 },
{ 0x4F, transfer1 },
{ 0x50, transfer1 },
{ 0x51, transfer1 },
{ 0x52, transfer1 },
{ 0x53, transfer1 },
{ 0x54, transfer1 },
{ 0x55, transfer1 },
{ 0x56, transfer1 },
{ 0x57, transfer1 },
{ 0x58, transfer1 },
{ 0x59, transfer1 },
{ 0x5A, transfer1 },
{ 0x5B, transfer1 },
{ 0x5C, transfer1 },
{ 0x5D, transfer1 },
{ 0x5E, transfer1 },
{ 0x5F, transfer1 },
{ 0x60, transfer1 },
{ 0x61, transfer1 },
{ 0x62, transfer2Mod },
{ 0x63, transfer2Mod },
{ 0x64, transferPrefix },
{ 0x65, transferPrefix },
{ 0x66, transfer66 },
{ 0x67, transfer67 },
{ 0x68, transfer3Or5 },
{ 0x69, transfer2ModOperand },
{ 0x6A, transfer2 },
{ 0x6B, transfer2Mod1 },
{ 0x6C, transfer1 },
{ 0x6D, transfer1 },
{ 0x6E, transfer1 },
{ 0x6F, transfer1 },
{ 0x70, transfer2Jump },
{ 0x71, transfer2Jump },
{ 0x72, transfer2Jump },
{ 0x73, transfer2Jump },
{ 0x74, transfer2Jump },
{ 0x75, transfer2Jump },
{ 0x76, transfer2Jump },
{ 0x77, transfer2Jump },
{ 0x78, transfer2Jump },
{ 0x79, transfer2Jump },
{ 0x7A, transfer2Jump },
{ 0x7B, transfer2Jump },
{ 0x7C, transfer2Jump },
{ 0x7D, transfer2Jump },
{ 0x7E, transfer2Jump },
{ 0x7F, transfer2Jump },
{ 0x80, transfer2Mod1 },
{ 0x81, transfer2ModOperand },
{ 0x82, transfer2 },
{ 0x83, transfer2Mod1 },
{ 0x84, transfer2Mod },
{ 0x85, transfer2Mod },
{ 0x86, transfer2Mod },
{ 0x87, transfer2Mod },
{ 0x88, transfer2Mod },
{ 0x89, transfer2Mod },
{ 0x8A, transfer2Mod },
{ 0x8B, transfer2Mod },
{ 0x8C, transfer2Mod },
{ 0x8D, transfer2Mod },
{ 0x8E, transfer2Mod },
{ 0x8F, transfer2Mod },
{ 0x90, transfer1 },
{ 0x91, transfer1 },
{ 0x92, transfer1 },
{ 0x93, transfer1 },
{ 0x94, transfer1 },
{ 0x95, transfer1 },
{ 0x96, transfer1 },
{ 0x97, transfer1 },
{ 0x98, transfer1 },
{ 0x99, transfer1 },
{ 0x9A, transfer5Or7Dynamic },
{ 0x9B, transfer1 },
{ 0x9C, transfer1 },
{ 0x9D, transfer1 },
{ 0x9E, transfer1 },
{ 0x9F, transfer1 },
{ 0xA0, transfer3Or5Address },
{ 0xA1, transfer3Or5Address },
{ 0xA2, transfer3Or5Address },
{ 0xA3, transfer3Or5Address },
{ 0xA4, transfer1 },
{ 0xA5, transfer1 },
{ 0xA6, transfer1 },
{ 0xA7, transfer1 },
{ 0xA8, transfer2 },
{ 0xA9, transfer3Or5 },
{ 0xAA, transfer1 },
{ 0xAB, transfer1 },
{ 0xAC, transfer1 },
{ 0xAD, transfer1 },
{ 0xAE, transfer1 },
{ 0xAF, transfer1 },
{ 0xB0, transfer2 },
{ 0xB1, transfer2 },
{ 0xB2, transfer2 },
{ 0xB3, transfer2 },
{ 0xB4, transfer2 },
{ 0xB5, transfer2 },
{ 0xB6, transfer2 },
{ 0xB7, transfer2 },
{ 0xB8, transfer3Or5 },
{ 0xB9, transfer3Or5 },
{ 0xBA, transfer3Or5 },
{ 0xBB, transfer3Or5 },
{ 0xBC, transfer3Or5 },
{ 0xBD, transfer3Or5 },
{ 0xBE, transfer3Or5 },
{ 0xBF, transfer3Or5 },
{ 0xC0, transfer2Mod1 },
{ 0xC1, transfer2Mod1 },
{ 0xC2, transfer3 },
{ 0xC3, transfer1 },
{ 0xC4, transfer2Mod },
{ 0xC5, transfer2Mod },
{ 0xC6, transfer2Mod1 },
{ 0xC7, transfer2ModOperand },
{ 0xC8, transfer4 },
{ 0xC9, transfer1 },
{ 0xCA, transfer3Dynamic },
{ 0xCB, transfer1Dynamic },
{ 0xCC, transfer1Dynamic },
{ 0xCD, transfer2Dynamic },
{ 0xCE, transfer1Dynamic },
{ 0xCF, transfer1Dynamic },
{ 0xD0, transfer2Mod },
{ 0xD1, transfer2Mod },
{ 0xD2, transfer2Mod },
{ 0xD3, transfer2Mod },
{ 0xD4, transfer2 },
{ 0xD5, transfer2 },
{ 0xD6, noTransfer },
{ 0xD7, transfer1 },
{ 0xD8, transfer2Mod },
{ 0xD9, transfer2Mod },
{ 0xDA, transfer2Mod },
{ 0xDB, transfer2Mod },
{ 0xDC, transfer2Mod },
{ 0xDD, transfer2Mod },
{ 0xDE, transfer2Mod },
{ 0xDF, transfer2Mod },
{ 0xE0, transfer2NoJump },
{ 0xE1, transfer2NoJump },
{ 0xE2, transfer2NoJump },
{ 0xE3, transfer2Jump },
{ 0xE4, transfer2 },
{ 0xE5, transfer2 },
{ 0xE6, transfer2 },
{ 0xE7, transfer2 },
{ 0xE8, transfer3Or5Target },
{ 0xE9, transfer3Or5Target },
{ 0xEA, transfer5Or7Dynamic },
{ 0xEB, transfer2Jump },
{ 0xEC, transfer1 },
{ 0xED, transfer1 },
{ 0xEE, transfer1 },
{ 0xEF, transfer1 },
{ 0xF0, transferPrefix },
{ 0xF1, noTransfer },
{ 0xF2, transferPrefix },
{ 0xF3, transferPrefix },
{ 0xF4, transfer1 },
{ 0xF5, transfer1 },
{ 0xF6, transferF6 },
{ 0xF7, transferF7 },
{ 0xF8, transfer1 },
{ 0xF9, transfer1 },
{ 0xFA, transfer1 },
{ 0xFB, transfer1 },
{ 0xFC, transfer1 },
{ 0xFD, transfer1 },
{ 0xFE, transfer2Mod },
{ 0xFF, transferFF },
{ 0x00, lastEntry }
};
// intel extended op codes and disassembly parameters
X86INSTRUCTION extendedInstructionMap[257] =
{
{ 0x00, transfer2Mod },
{ 0x01, transfer2Mod },
{ 0x02, transfer2Mod },
{ 0x03, transfer2Mod },
{ 0x04, noTransfer },
{ 0x05, noTransfer },
{ 0x06, transfer2 },
{ 0x07, noTransfer },
{ 0x08, transfer2 },
{ 0x09, transfer2 },
{ 0x0A, noTransfer },
{ 0x0B, transfer2 },
{ 0x0C, noTransfer },
{ 0x0D, noTransfer },
{ 0x0E, noTransfer },
{ 0x0F, noTransfer },
{ 0x10, noTransfer },
{ 0x11, noTransfer },
{ 0x12, noTransfer },
{ 0x13, noTransfer },
{ 0x14, noTransfer },
{ 0x15, noTransfer },
{ 0x16, noTransfer },
{ 0x17, noTransfer },
{ 0x18, noTransfer },
{ 0x19, noTransfer },
{ 0x1A, noTransfer },
{ 0x1B, noTransfer },
{ 0x1C, noTransfer },
{ 0x1D, noTransfer },
{ 0x1E, noTransfer },
{ 0x1F, noTransfer },
{ 0x20, transfer2Mod },
{ 0x21, transfer2Mod },
{ 0x22, transfer2Mod },
{ 0x23, transfer2Mod },
{ 0x24, noTransfer },
{ 0x25, noTransfer },
{ 0x26, noTransfer },
{ 0x27, noTransfer },
{ 0x28, noTransfer },
{ 0x29, noTransfer },
{ 0x2A, noTransfer },
{ 0x2B, noTransfer },
{ 0x2C, noTransfer },
{ 0x2D, noTransfer },
{ 0x2E, noTransfer },
{ 0x2F, noTransfer },
{ 0x30, transfer2 },
{ 0x31, transfer2 },
{ 0x32, transfer2 },
{ 0x33, transfer2 },
{ 0x34, transfer2 },
{ 0x35, transfer2 },
{ 0x36, noTransfer },
{ 0x37, noTransfer },
{ 0x38, noTransfer },
{ 0x39, noTransfer },
{ 0x3A, noTransfer },
{ 0x3B, noTransfer },
{ 0x3C, noTransfer },
{ 0x3D, noTransfer },
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -