📄 disasm.cpp

📁 Pvdasm.v1.04b反汇编程序的源代码.供研究反汇编技术的朋友参考
				Disasm->PrefixSize=PrefixesSize;
				(*Index)+=4;
			}
			else if(RegPrefix==1) // RegPrefix is being used
			{   
				// read 2 bytes into AX (REG16)
				SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);
                wsprintf(menemonic,"%s %s, %04X",mene,Regs[REG16][0],wMem);
				lstrcat(Disasm->Assembly,menemonic);
				wsprintf(menemonic,"%02X %04X",Op,wOp);
				lstrcat(Disasm->Opcode,menemonic);
				Disasm->OpcodeSize=3;
				Disasm->PrefixSize=PrefixesSize;
				(*Index)+=2;
			}
        }
        break;

        case 0x06: // PUSH ES
        {
            lstrcat(Disasm->Assembly,"push es");
            strcpy(Disasm->Remarks,"Push ES register to the stack");            
			lstrcat(Disasm->Opcode,"06");            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x07: // POP ES
        {
            lstrcat(Disasm->Assembly,"pop es");
            strcpy(Disasm->Remarks,"Pop top stack to ES");            
			lstrcat(Disasm->Opcode,"07");            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x0E: // PUSH CS
        {
            lstrcat(Disasm->Assembly,"push cs");
            strcpy(Disasm->Remarks,"Push CS register to the stack");
			lstrcat(Disasm->Opcode,"0E");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

        // INTEL - NEW SET (MMX/3DNow!/SSE/SSE2)
        case 0x0F:
        {
          char Instruction[128],m_bytes[128];
          int RetVal;
          BYTE Code=(BYTE)Opcode[i+1];

          lstrcat(Disasm->Opcode,"0F");
          RetVal=GetNewInstruction(Code,Instruction,RegPrefix);

          switch(RetVal) // check if we need to decode instruction
          {
            case 0:
            {
                // Decode SIB + ModRM
                if((BYTE)Opcode[i+2]>=0x00 && (BYTE)Opcode[i+2]<=0xBF)
                {
                    (*Index)++;
                    i=*Index;
                    Bit_D=(Op&0x02)>>1;      // Get bit d (direction)
				    Bit_W=(Op&0x01);         // Get bit w (full/partial reg size)
                    Mod_RM_SIB_EX(&Disasm,&Opcode,i,AddrPrefix,SEG,&Index,Code,RegPrefix,SegPrefix,AddrPrefix,Bit_D,Bit_W,RepPrefix);
                    Disasm->PrefixSize=PrefixesSize;
                    Disasm->OpcodeSize++; // 0F extra Byte
                    break;
			    }
                else
                {
                    if(((BYTE)Opcode[i+2] & 0xC0)==0xC0)
                    {                    
                        Bit_D=(Op&0x02)>>1;      // Get bit d (direction)
                        Bit_W=(Op&0x01);         // Get bit w (full/partial reg size)
                        (*Index)++;
                        i=*Index;
                        Mod_11_RM_EX(Bit_D,Bit_W,&Opcode,&Disasm,RegPrefix,Code,&Index,RepPrefix); // Decode with bits
                        Disasm->PrefixSize=PrefixesSize;
                        Disasm->OpcodeSize++; // 0F extra Byte
                    }
                    break;
                }
            }
            break; // big set instructions
            
            case 1: // 1 byte instructions set
            {
                lstrcat(Disasm->Assembly,Instruction);
                wsprintf(Instruction,"%02X",Code);
                lstrcat(Disasm->Opcode,Instruction);
                Disasm->OpcodeSize=2;
                Disasm->PrefixSize=PrefixesSize;
                (*Index)++;
            }
            break;
            
            case 2: // NEAR JUMP (JXX)
            {
                SwapDword((BYTE*)(Opcode+i+2),&dwOp,&dwMem);
                dwMem+=Disasm->Address+PrefixesSize+6; // calculate dest addr
                wsprintf(m_bytes,"%08X",dwMem);
                strcat(Instruction,m_bytes);
                lstrcat(Disasm->Assembly,Instruction);

                wsprintf(m_bytes,"%08X",dwOp);
                wsprintf(Instruction,"%02X ",Code);
                lstrcat(Disasm->Opcode,Instruction);
                lstrcat(Disasm->Opcode,m_bytes);       
                Disasm->OpcodeSize=6;
                Disasm->PrefixSize=PrefixesSize;
                (*Index)+=5;
                
            }
            break; // jump instructions set

            case 3:
            {
                if(((BYTE)Opcode[i+2]&0xC0)==0xC0)
                {
                    Bit_D=(Op&0x02)>>1;      // Get bit d (direction)
                    Bit_W=(Op&0x01);         // Get bit w (full/partial reg size)
                    (*Index)++;
                    i=*Index;
                    Mod_11_RM_EX(Bit_D,Bit_W,&Opcode,&Disasm,RegPrefix,Code,&Index,RepPrefix); // Decode with bits
                    Disasm->PrefixSize=PrefixesSize;
                    Disasm->OpcodeSize++; // 0F extra Byte
                }
                else
                {
                    lstrcat(Disasm->Assembly,Instruction);
                    wsprintf(Instruction,"%02X",Code);
                    lstrcat(Disasm->Opcode,Instruction);
                    Disasm->OpcodeSize=2;
                    Disasm->PrefixSize=PrefixesSize;
                    (*Index)++;
                }
            }
            break;

			case 4:
			{
				if( ((BYTE)Opcode[i+2]>=0x08) && ((BYTE)Opcode[i+2]<=0x0F) )
				{
                    (*Index)++;
                    i=*Index;
                    Bit_D=(Op&0x02)>>1;      // Get bit d (direction)
				    Bit_W=(Op&0x01);         // Get bit w (full/partial reg size)
                    Mod_RM_SIB_EX(&Disasm,&Opcode,i,AddrPrefix,SEG,&Index,Code,RegPrefix,SegPrefix,AddrPrefix,Bit_D,Bit_W,RepPrefix);
                    Disasm->PrefixSize=PrefixesSize;
                    Disasm->OpcodeSize++; // 0F extra Byte
				}
				else{
					lstrcat(Disasm->Assembly,"???");
					wsprintf(Instruction,"%02X",Code);
					lstrcat(Disasm->Opcode,Instruction);
					Disasm->OpcodeSize=2;
					Disasm->PrefixSize=PrefixesSize;
					(*Index)++;
				}
			}
			break;
          }
          
          
        }
        break;

		case 0x16: // PUSH SS
        {
            lstrcat(Disasm->Assembly,"push ss");
            strcpy(Disasm->Remarks,"Push SS register to the stack");            
			lstrcat(Disasm->Opcode,"16");            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x17: // POP SS
        {
            lstrcat(Disasm->Assembly,"pop ss");
            strcpy(Disasm->Remarks,"Pop top stack to SS");            
			lstrcat(Disasm->Opcode,"17");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x1E: // PUSH DS
        {
            lstrcat(Disasm->Assembly,"push ds");
            strcpy(Disasm->Remarks,"Push DS register to the stack");            
			lstrcat(Disasm->Opcode,"1E");            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x1F: // POP DS
        {
            lstrcat(Disasm->Assembly,"pop ds");
            strcpy(Disasm->Remarks,"Pop top stack to DS"); 
			lstrcat(Disasm->Opcode,"1F");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x27: // DAA
        {
            lstrcat(Disasm->Assembly,"daa");
            lstrcat(Disasm->Opcode,"27");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x2F: // DAS
        {
            lstrcat(Disasm->Assembly,"das");
            lstrcat(Disasm->Opcode,"2F");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x37: // AAA
        {
            lstrcat(Disasm->Assembly,"aaa");
            lstrcat(Disasm->Opcode,"37");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x3F: // AAS
        {
            lstrcat(Disasm->Assembly,"aas");
            lstrcat(Disasm->Opcode,"3F");
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x40:case 0x41: // INC XXX/XX
		case 0x42:case 0x43: // INC XXX/XX
		case 0x44:case 0x45: // INC XXX/XX
		case 0x46:case 0x47: // INC XXX/XX
        {
			wsprintf(menemonic,"inc %s",Regs[RM][Op&0x0F]); // Find reg by Masking (Op&0x0F)
            lstrcat(Disasm->Assembly,menemonic);
			wsprintf(menemonic,"%02X",Op);
            lstrcat(Disasm->Opcode,menemonic);            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x48:case 0x49: // DEC XXX/XX
		case 0x4A:case 0x4B: // DEC XXX/XX
		case 0x4C:case 0x4D: // DEC XXX/XX
		case 0x4E:case 0x4F: // DEC XXX/XX
        {
			wsprintf(menemonic,"dec %s",Regs[RM][Op&0x0F-0x08]);// Find reg by Masking (Op&0x0F-0x08)
            lstrcat(Disasm->Assembly,menemonic);
			wsprintf(menemonic,"%02X",Op);
            lstrcat(Disasm->Opcode,menemonic);
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x50:case 0x51: // PUSH XXX/XX
		case 0x52:case 0x53: // PUSH XXX/XX
		case 0x54:case 0x55: // PUSH XXX/XX
		case 0x56:case 0x57: // PUSH XXX/XX
        {
			wsprintf(menemonic,"push %s",Regs[RM][Op&0x0F]);// Find reg by Masking (Op&0x0F)
            lstrcat(Disasm->Assembly,menemonic);
			wsprintf(menemonic,"%02X",Op);
            lstrcat(Disasm->Opcode,menemonic);
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x58:case 0x59: // POP XXX/XX
		case 0x5A:case 0x5B: // POP XXX/XX
		case 0x5C:case 0x5D: // POP XXX/XX
		case 0x5E:case 0x5F: // POP XXX/XX
        {
			wsprintf(menemonic,"pop %s",Regs[RM][(Op&0x0F)-0x08]);// Find reg by Masking (Op&0x0F-0x08)
            lstrcat(Disasm->Assembly,menemonic);
			wsprintf(menemonic,"%02X",Op);
            lstrcat(Disasm->Opcode,menemonic);
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x60: // PUSHAD/W (Prefix)
        {
			if(!RegPrefix) // if RegPrefix == 0
				lstrcat(Disasm->Assembly,"pushad");
			else if(RegPrefix==1)// Change Reg Size
				lstrcat(Disasm->Assembly,"pushaw");
            
            lstrcat(Disasm->Opcode,"60");            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x61: // POPAD/W (Prefix) 
        {
			if(!RegPrefix) // if RegPrefix == 0
				lstrcat(Disasm->Assembly,"popad");
			else if(RegPrefix==1)// Change Reg Size
				lstrcat(Disasm->Assembly,"popaw");
            
            lstrcat(Disasm->Opcode,"61");            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x68: // PUSH XXXXXXXX
        {
			if(RegPrefix==0)
			{   // PUSH 4 bytes
                SwapDword((BYTE*)(Opcode+i+1),&dwOp,&dwMem);
				wsprintf(menemonic,"push %08X",dwMem);
				lstrcat(Disasm->Assembly,menemonic);
				wsprintf(menemonic,"68 %08X",dwOp);
				lstrcat(Disasm->Opcode,menemonic);
				Disasm->OpcodeSize=5;
				Disasm->PrefixSize=PrefixesSize;
				(*Index)+=4;
			}
			else 
			{
				// PUSH 2 bytes
				SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);
                wsprintf(menemonic,"push %04X",wMem);
				lstrcat(Disasm->Assembly,menemonic);
				wsprintf(menemonic,"68 %04X",wOp);
				lstrcat(Disasm->Opcode,menemonic);
				Disasm->OpcodeSize=3;
				Disasm->PrefixSize=PrefixesSize;
				(*Index)+=2;
			}
        }
        break;

		case 0x6A: // PUSH XX
        {
			if((BYTE)Opcode[i+1]>=0x80) // Signed Numebers (Negative)
				wsprintf(menemonic,"push -%02X",(0x100-(BYTE)Opcode[i+1]));
			else
				wsprintf(menemonic,"push %02X",(BYTE)Opcode[i+1]); // Unsigned Numbers (Positive)
            lstrcat(Disasm->Assembly,menemonic);
            wsprintf(menemonic,"6A%02X",(BYTE)*(Opcode+i+1));
            lstrcat(Disasm->Opcode,menemonic);
            Disasm->OpcodeSize=2;
			Disasm->PrefixSize=PrefixesSize;
            ++(*Index);
        }
        break;

		case 0x6C: case 0x6D: // INSB/INSW/INSD
        {
			if((Op&0x0F)==0x0C)
			{
				lstrcat(Disasm->Assembly,"insb");
				wsprintf(menemonic,"Byte ptr ES:[%s], DX",Regs[ADDRM][7]);
				strcpy(Disasm->Remarks,menemonic);
			}
			else  if((Op&0x0F)==0x0D)
					if(!RegPrefix) // If RegPrefix == 0
					{
						lstrcat(Disasm->Assembly,"insd");
						wsprintf(menemonic,"Dword ptr ES:[%s], DX",Regs[ADDRM][7]);
						strcpy(Disasm->Remarks,menemonic);
					}
					else if(RegPrefix==1) // Found RegPrefix == 1
						{
							lstrcat(Disasm->Assembly,"insw");
							wsprintf(menemonic,"Word ptr ES:[%s], DX",Regs[ADDRM][7]);
							strcpy(Disasm->Remarks,menemonic);
						}

			wsprintf(menemonic,"%02X",Op);
            lstrcat(Disasm->Opcode,menemonic);            
			Disasm->PrefixSize=PrefixesSize;
        }
        break;

		case 0x6E: case 0x6F: // OUTSB/OUTSW/OUTSD
        {
			if((Op&0x0F)==0x0E)
			{
				lstrcat(Disasm->Assembly,"outsb");
				wsprintf(menemonic,"DX, Byte ptr ES:[%s]",Regs[ADDRM][7]);
				strcpy(Disasm->Remarks,menemonic);
			}
			else  if((Op&0x0F)==0x0F)
					if(!RegPrefix) // If RegPrefix == 0
					{
						lstrcat(Disasm->Assembly,"outsd");
						wsprintf(menemonic,"DX, Dword ptr ES:[%s]",Regs[ADDRM][7]);
						strcpy(Disasm->Remarks,menemonic);
					}
					else if(RegPrefix==1) // Found RegPrefix == 1
						{
							lstrcat(Disasm->Assembly,"outsw");
							wsprintf(menemonic,"DX, Word ptr ES:[%s]",Regs[ADDRM][7]);
							strcpy(Disasm->Remarks,menemonic);
						}

			wsprintf(menemonic,"%02X",Op);
            lstrcat(Disasm->Opcode,menemonic);            
			Disasm->PrefixSize=PrefixesSize;
