📄 modasm.bas
字号:
Attribute VB_Name = "modAsm"
'------------------------------------------
'modAsm
'Purpose - SubMain Disassembly
'------------------------------------------
'vbgamer45 - tired to translate somethings from French.
'but its not really needed.
DefLng A-Z
Option Explicit
Option Base 0
Private Type ASM_OPCODE
FullOpCode As Integer 'opcode de base (sur 8 ou 16 bits)
OpCodeLen As Byte ' = 1 ou = 2 ....
Flag1 As Byte
Flag2 As Byte
Flag3 As Byte
Flag4 As Byte
Flag5 As Byte
Flag6 As Byte
Flag7 As Byte
Flag8 As Byte
'Description of Flags (les blancs sont en pr関ision pour le 64bits
'/0 1
'/1 2
'/2 3
'/3 4
'/4 5
'/5 6
'/6 7
'/7 8
' 9...
'/r 17
'r/m8 18
'r/m16 19
'r/m32 20
' 21
'cb 22
'cw 23
'cd 24
' 25
'ib 26 cp
'iw 27 cp
'id 28 cp
' 29
'+rb 30
'+rw 31
'+rd 32
' 33
'rel8 34
'rel16 35
'rel32 36
' 37
'r8 38
'r16 39
'r32 40
' 41
'imm8 42
'imm16 43
'imm32 44
' 45
'ptr16:16 46
'ptr16:32 47
' 48
' 49
'm 50
'm8 51
'm16 52
'm32 53
'm64 54
' 55
' 56
'm16:16 60
'm16:32 61
' 62
' 63
'm16&32 64
'm16&16 65
'm32&32 66
' 67
' 68
' 69
'moffs8 70
'moffs16 71
'moffs32 72
' 73
' 74
'm32real 128 'fpu
'm64real 129 'fpu
'm80real 130 'fpu
' 131
'm16int 132 'fpu
'm32int 133 'fpu
'm64int 134 'fpu
' 135
'ST 159 'fpu
'ST(0) 159 'fpu
'ST(i) 160 'fpu
'+i 160 'fpu
'mm 192 'mmx
'mm/m32 200 'mmx
'mm/m64 201 'mmx
sInstruct As String 'traduction string de l'opcode
sEnd As String 's'il y a une fin string pr殓ise
End Type
Private TblASM_OPCODE() As ASM_OPCODE
Private TblASM_len As Long
'table des registres, avec bit et nom
Private Type ASM_REGISTER
r8 As String * 2
r16 As String * 2
r32 As String * 3
End Type
Private TblASM_REG(0 To 7) As ASM_REGISTER
'pointe vers l'entr閑 asm_opcode dont le premier byte correspond
Private TblPtrASM(0 To 255) As Long
'Contains the text of Disassembly line by line
Public StrDEASM() As String
Sub FileDeAsm(ByVal entrypoint As Long, ByVal Fpt As Long, ByVal CodeLen As Long, ByVal ImageRva As Long, Optional StopAtRET As Boolean = True)
'd閟assemble le code commen鏰nt ?l'offset EntryPoint du fichier ouvert accessible via #Fpt.
'ImageRVA contient l'adresse relative du point d'entr閑 (n閏essaire pour le calcul des JMP rel)
'CodeLen contient la distance maxi du scanner d'instruction (typiquement = LOF(Fpt))
'StopAtRET indique au scanner de s'arr阾?d鑣 qu'une instruction RET (C2h ou C3h) est trouv?(eqv End Sub)
Dim i, j, sl, ml, rvai, DataNeed
Dim Fbyte As Byte, FLong As Integer
Dim bArray(1 To 10) As Byte
Dim DumpStr As String
Dim InstructStr As String
sl = 0
i = entrypoint
ml = i + CodeLen
rvai = ImageRva
Do
Get #Fpt, i, Fbyte
Get #Fpt, i, FLong
j = GetVASM(TblPtrASM(Fbyte), FLong)
Get #Fpt, i, bArray()
InstructStr = CodeToStr(bArray(), j, rvai, DataNeed)
DumpStr = bArrayHexStr(bArray(), DataNeed)
'cr閑 la ligne : "rvaddress: byteshexdump [pad] asminstruction"
sl = sl + 1
ReDim Preserve StrDEASM(1 To sl)
StrDEASM(sl) = Right$("0000" & Hex$(rvai), 8) & ": " & _
DumpStr & Space$(13 - Len(DumpStr)) & _
InstructStr
If ((j = 385) Or (j = 386)) And StopAtRET Then
'instruction RET scann?
Exit Do
End If
i = i + DataNeed
rvai = rvai + DataNeed
Loop Until i > ml
End Sub
Private Function GetVASM(StartPos As Long, ByVal iOpCode As Integer) As Long
'recherche le nom de l'instruction a partir du byte le plus proche (table invers?
'renvoi un pointeur dans la table TblASM_OPCODE
Dim i
i = StartPos
Do While i <= TblASM_len
If TblASM_OPCODE(i).OpCodeLen = 1 Then
If TblASM_OPCODE(i).FullOpCode = (iOpCode And 255) Then
Exit Do
End If
Else
If TblASM_OPCODE(i).FullOpCode = iOpCode Then
Exit Do
End If
End If
i = i + 1
Loop
GetVASM = i
End Function
Private Function CodeToStr(inCode() As Byte, inOPidx As Long, inRVA As Long, outLU As Long) As String
'texte de l'instruction d閟assembl
Dim i, j, k, ol
Dim ib, iw, id
Dim dFlg, eFlg
Dim bMod As Byte, bOP As Byte, bRM As Byte, bReg As Byte
Dim sReg As String
With TblASM_OPCODE(inOPidx)
ol = .OpCodeLen
outLU = ol
CodeToStr = .sInstruct
dFlg = .Flag1 Or .Flag2 Or .Flag3 Or .Flag4
eFlg = .Flag5 Or .Flag6 Or .Flag7 Or .Flag8
If (eFlg + dFlg) = 0 Then
'pas de flag = instruction direct
CodeToStr = CodeToStr & .sEnd
Exit Function
ElseIf dFlg > 0 Then
'flag uniquement post : pas de ModRM byte
End If
If .Flag1 >= 30 And .Flag1 <= 32 Then
'le premier octet contient la valeur du registre ?utiliser
bReg = inCode(1) - .FullOpCode
Select Case .Flag1
Case 30
sReg = TblASM_REG(bReg).r8
Case 31
sReg = TblASM_REG(bReg).r16
Case 32
sReg = TblASM_REG(bReg).r32
End Select
CodeToStr = CodeToStr & sReg
End If
If .Flag3 > 0 And .Flag3 < 18 Then
outLU = outLU + 1
'octet ModR/M utilis
ModRM inCode(ol + 1), bMod, bOP, bReg
Select Case bMod
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -