// Segment register indices. The list starts before this chunk (lower values,
// presumably SEG_ES/SEG_CS, are defined there); these are the values stored in
// a decoded command's segment field (t_disasm::segment) — confirm against Disasm().
#define SEG_SS 2 // Stack segment
#define SEG_DS 3 // Data segment
#define SEG_FS 4 // FS (thread/TEB segment on Win32)
#define SEG_GS 5 // GS
// Command type and modifier flags (t_disasm::cmdtype). The high nibble,
// selected by C_TYPEMASK, is the command class; the low nibble carries
// modifiers. Test the class first: the low three bits (C_SIZEMASK) mean the
// MMX data size for C_MMX commands and are reused as C_EXPL / C_DANGERxx
// flags for the other classes, so they cannot be interpreted on their own.
#define C_TYPEMASK 0xF0 // Mask for command type
#define C_CMD 0x00 // Ordinary instruction
#define C_PSH 0x10 // 1-word PUSH instruction
#define C_POP 0x20 // 1-word POP instruction
#define C_MMX 0x30 // MMX instruction
#define C_FLT 0x40 // FPU instruction
#define C_JMP 0x50 // JUMP instruction
#define C_JMC 0x60 // Conditional JUMP instruction
#define C_CAL 0x70 // CALL instruction
#define C_RET 0x80 // RET instruction
#define C_FLG 0x90 // Changes system flags
#define C_RTF 0xA0 // C_JMP and C_FLG simultaneously
#define C_REP 0xB0 // Instruction with REPxx prefix
#define C_PRI 0xC0 // Privileged instruction
#define C_DAT 0xD0 // Data (address) doubleword
#define C_NOW 0xE0 // 3DNow! instruction
#define C_BAD 0xF0 // Unrecognized command
#define C_RARE 0x08 // Rare command, seldom used in programs
#define C_SIZEMASK 0x07 // MMX data size or special flag
#define C_EXPL 0x01 // (non-MMX) Specify explicit memory size
// Danger flags share bits with C_SIZEMASK/C_EXPL; C_DANGER includes the
// C_DANGER95 bit and C_DANGERLOCK includes both (0x01 ⊂ 0x03 ⊂ 0x07).
#define C_DANGER95 0x01 // Command is dangerous under Win95/98
#define C_DANGER 0x03 // Command is dangerous everywhere
#define C_DANGERLOCK 0x07 // Dangerous with LOCK prefix
// Per-byte decode attributes for analysed memory. Layout of one attribute byte:
//   bits 0..4 (DEC_TYPEMASK)  what the byte is / how it is accessed
//   bits 5..6 (DEC_PROCMASK)  procedure start/body/end marks
//   bit  7    (DEC_CHECKED)   the byte has been analysed
// Values 0x01..0x0D describe data, 0x11..0x1F describe code bytes; note
// DEC_NEXTDATA (0x03) sits between the WORD and DWORD sizes, so the low bits
// are not a size in bytes.
#define DEC_TYPEMASK 0x1F // Type of memory byte
#define DEC_UNKNOWN 0x00 // Unknown type
#define DEC_BYTE 0x01 // Accessed as byte
#define DEC_WORD 0x02 // Accessed as short
#define DEC_NEXTDATA 0x03 // Subsequent byte of code or data
#define DEC_DWORD 0x04 // Accessed as long
#define DEC_FLOAT4 0x05 // Accessed as float
#define DEC_FWORD 0x06 // Accessed as descriptor/long pointer
#define DEC_FLOAT8 0x07 // Accessed as double
#define DEC_QWORD 0x08 // Accessed as 8-byte integer
#define DEC_FLOAT10 0x09 // Accessed as long double
#define DEC_TBYTE 0x0A // Accessed as 10-byte integer
#define DEC_STRING 0x0B // Zero-terminated ASCII string
#define DEC_UNICODE 0x0C // Zero-terminated UNICODE string
#define DEC_3DNOW 0x0D // Accessed as 3Dnow operand
#define DEC_BYTESW 0x11 // Accessed as byte index to switch
#define DEC_NEXTCODE 0x13 // Subsequent byte of command
#define DEC_COMMAND 0x1D // First byte of command
#define DEC_JMPDEST 0x1E // Jump destination
#define DEC_CALLDEST 0x1F // Call (and maybe jump) destination
#define DEC_PROCMASK 0x60 // Procedure analysis
#define DEC_PROC 0x20 // Start of procedure
#define DEC_PBODY 0x40 // Body of procedure
#define DEC_PEND 0x60 // End of procedure
#define DEC_CHECKED 0x80 // Byte was analysed
// Operand type codes covering both registers and memory. Every register
// code has the DECR_ISREG bit (0x20) set, and its low five bits coincide with
// the DEC_xxx access size of the same width (e.g. DECR_DWORD 0x24 vs
// DEC_DWORD 0x04), so `code & DEC_TYPEMASK` yields the size class for either.
#define DECR_TYPEMASK 0x3F // Type of register or memory
#define DECR_BYTE 0x21 // Byte register
#define DECR_WORD 0x22 // Short integer register
#define DECR_DWORD 0x24 // Long integer register
#define DECR_QWORD 0x28 // MMX register
#define DECR_FLOAT10 0x29 // Floating-point register
#define DECR_SEG 0x2A // Segment register
#define DECR_3DNOW 0x2D // 3Dnow! register
#define DECR_ISREG 0x20 // Mask to check that operand is register
// Disassembly modes, passed as the disasmmode argument of Disasm(). Higher
// values do strictly more work; value 2 is not defined in this chunk.
#define DISASM_SIZE 0 // Determine command size only
#define DISASM_DATA 1 // Determine size and analysis data
#define DISASM_FILE 3 // Disassembly, no symbols
#define DISASM_CODE 4 // Full disassembly
// Warnings issued by Disasm(): bit flags OR-ed into t_disasm::warnings. A
// consumer that decides whether decoded code is safe to emulate or execute
// should check these (far transfers, segment loads, privileged and I/O
// commands, LOCK) rather than only t_disasm::error. Bits 0x0100..0x0800 are
// unused here; DAW_DANGEROUS (0x3000) includes the DAW_DANGER95 bit.
#define DAW_FARADDR 0x0001 // Command is a far jump, call or return
#define DAW_SEGMENT 0x0002 // Command loads segment register
#define DAW_PRIV 0x0004 // Privileged command
#define DAW_IO 0x0008 // I/O command
#define DAW_SHIFT 0x0010 // Shift constant out of range 1..31
#define DAW_PREFIX 0x0020 // Superfluous prefix
#define DAW_LOCK 0x0040 // Command has LOCK prefix
#define DAW_STACK 0x0080 // Unaligned stack operation
#define DAW_DANGER95 0x1000 // May mess up Win95 if executed
#define DAW_DANGEROUS 0x3000 // May mess up any OS if executed
//bughoho Operand type. Presumably the value stored per operand in
// t_disasm::optype[]; the enumerators are plain 0..3 in declaration order.
enum Optype
{
    Imm, // 0: immediate constant
    Reg, // 1: general register
    Mem, // 2: memory operand
    Seg, // 3: segment register
};
typedef struct t_disasm
{ // Results of disassembling one command, filled in by Disasm().
    ulong ip; // Instrucion pointer
    char dump[TEXTLEN]; // Hexadecimal dump of the command
    char result[TEXTLEN]; // Disassembled command
    char comment[TEXTLEN]; // Brief comment
    int cmdtype; // One of C_xxx
    int memtype; // Type of addressed variable in memory
    int nprefix; // Number of prefixes
    int indexed; // Address contains register(s)
    ulong jmpconst; // Constant jump address
    ulong jmptable; // Possible address of switch table
    ulong adrconst; // Constant part of address (the '100' in [edx+100])
    ulong immconst; // Immediate constant
    int zeroconst; // Whether contains zero constant
    int fixupoffset; // Possible offset of 32-bit fixups
    int fixupsize; // Possible total size of fixups or 0
    int error; // Error while disassembling command
    int warnings; // Combination of DAW_xxx
    //bughoho new — extra fields added for the VM handler analysis.
    // The [3]-sized arrays below are presumably indexed by operand position
    // (0..2) — confirm against the code that fills them.
    BYTE hexcode[TEXTLEN]; // Raw binary bytes of the command
    int codelen; // Length (presumably the number of valid bytes in hexcode)
    int optype[3]; // Operand type (presumably enum Optype)
    char vm_name[TEXTLEN]; // Name of the VM handler this command is claimed to correspond to
    int is3dnow; // 3DNow! instruction
    int segment; // Segment prefix
    int reg[3]; // Register of each operand (when that operand is a register)
    int segreg; // Segment register (when the operand is a segment register)
    int addrreg1; // First (unscaled) register of the memory address part
    int addrreg2; // Second (scaled) register of the memory address part
    int regsscale; // Scale: 1, 2, 4 or 8
    // The displacement lives in adrconst (defined above); its sign decides add/subtract.
    int memsize[3]; // Operand size
    bool highbit[3]; // 1 when the instruction is 8-bit and the register is a high byte (AH, BH, CH, DH)
    // Zero every field, including the text buffers. Valid only because all
    // members are trivially copyable (char/int/bool arrays and, assumed, the
    // integer typedefs ulong/BYTE); keep it that way if members are added.
    t_disasm()
    {
        memset(this,0,sizeof(t_disasm));
    }
} t_disasm;
// One node of the analysed code: a decoded command plus control-flow
// classification flags (set elsewhere; several may be set at once).
struct CodeNode
{
    t_disasm disasm; // Decoded command
    BOOL IsJmcBeSideType; // Jumps to an instruction outside the analysed code
    BOOL IsJmcUndefineType; // Jumps to an undetermined address inside the code
    BOOL IsJmcDynamicType; // Dynamic (computed) jump
    BOOL IsJmcType; // Jump
    BOOL IsJmcFromType; // Code that is jumped to from elsewhere
    BOOL IsJmcNextType; // Code that follows a JMC (conditional jump) or CALL
    BOOL IsCallType; // Calls a sub-function
    // Zero the whole node. `disasm` was already zeroed by its own constructor,
    // so this is redundant for it but harmless; it relies on every member
    // being trivially copyable.
    CodeNode()
    {
        memset(this,0,sizeof(CodeNode));
    }
};
typedef struct t_asmmodel
{ // Model to search for assembler command, produced by Assemble():
  // `code` bytes are matched under `mask` (a 0 bit means the bit is
  // ignored); `length` of 0 marks an empty/unusable model.
    char code[MAXCMDSIZE]; // Binary code
    char mask[MAXCMDSIZE]; // Mask for binary code (0: bit ignored)
    int length; // Length of code, bytes (0: empty)
    int jmpsize; // Offset size if relative jump
    int jmpoffset; // Offset relative to IP
    int jmppos; // Position of jump offset in command
} t_asmmodel;
// Global disassembler options. `odunique` is not defined in this chunk;
// presumably it expands to `extern` or to a definition depending on which
// translation unit includes the header — confirm. The "Accept ..." options
// decide whether the corresponding command is reported as an error or only
// flagged with a DAW_xxx warning (inferred from the pairing with the DAW_
// flags above — verify in Disasm()).
odunique int ideal; // Force IDEAL decoding mode
odunique int lowercase; // Force lowercase display
odunique int tabarguments; // Tab between mnemonic and arguments
odunique int extraspace; // Extra space between arguments
odunique int putdefseg; // Display default segments in listing
odunique int showmemsize; // Always show memory size
odunique int shownear; // Show NEAR modifiers
odunique int shortstringcmds; // Use short form of string commands
odunique int sizesens; // How to decode size-sensitive mnemonics
odunique int symbolic; // Show symbolic addresses in disasm
odunique int farcalls; // Accept far calls, returns & addresses
odunique int decodevxd; // Decode VxD calls (Win95/98)
odunique int privileged; // Accept privileged commands
odunique int iocommand; // Accept I/O commands
odunique int badshift; // Accept shift out of range 1..31
odunique int extraprefix; // Accept superfluous prefixes
odunique int lockedbus; // Accept LOCK prefixes
odunique int stackalign; // Accept unaligned stack operations
odunique int iswindowsnt; // When checking for dangers, assume NT
//bughoho
odunique int stoperand; // Current loop iteration (operand being processed, presumably)
// Assembles the text command `cmd`, assumed to sit at address `ip`, into
// `*model`; `attempt`/`constsize` select among alternative encodings
// (presumably). Error text is written to `errtext`, which has no size
// parameter — the caller must supply a buffer of the size the implementation
// expects (TEXTLEN, presumably). Return-value meaning is not visible here.
int Assemble(char *cmd,ulong ip,t_asmmodel *model,int attempt,
int constsize,char *errtext);
// Presumably evaluates condition code `code` against the flags value `flags`.
int Checkcondition(int code,ulong flags);
// Writes a symbolic form of `addr` into `symb` (bounded by `nsymb`) and a
// comment into `comment`, which has no size parameter — TODO confirm the
// expected buffer size.
int Decodeaddress(ulong addr,char *symb,int nsymb,char *comment);
// Decodes the command at `src`, treated as located at address `srcip`, into
// `*disasm` in one of the DISASM_xxx modes. `srcsize` is the only bound on
// how many bytes of `src` may be read, so it must never exceed the buffer
// actually backing `src`; the return value is presumably the command length.
ulong Disasm(char *src,ulong srcsize,ulong srcip,
t_disasm *disasm,int disasmmode);
// Walk `n` commands backward / forward from `ip` inside the `size`-byte
// `block` loaded at address `base`; presumably return the resulting address.
ulong Disassembleback(char *block,ulong base,ulong size,ulong ip,int n);
ulong Disassembleforward(char *block,ulong base,ulong size,ulong ip,int n);
// Presumably reports whether the `size` bytes of `data` at `addr` are
// alignment filler for the given `align`.
int Isfilling(ulong addr,char *data,ulong size,ulong align);
// Text formatters: each writes into `s` with no size parameter, so the caller
// must provide a buffer large enough for the implementation's output — TODO
// confirm the assumed size.
int Print3dnow(char *s,char *f);
int Printfloat10(char *s,long double ext);
int Printfloat4(char *s,float f);
int Printfloat8(char *s,double d);