unit disassembler;
//eric, voeg int3 afhandeling toe  (Dutch: "Eric, add int3 handling" -- open TODO)
interface

uses imagehlp,sysutils,windows,symbolhandler,cefuncproc{$ifdef net}{$ifndef netserver},NetAPIs{$endif}{$endif}{$ifndef netclient},NewKernelHandler{$endif};

// Set of the prefix bytes seen in front of an opcode. The decoders test it with
// `in` for the segment overrides ($2e CS, $26 ES, $36 SS, $3e DS, $64 FS, $65 GS)
// and for the $67 address-size override.
type Tprefix = set of byte;
// Raw instruction bytes handed to the decoders (24 bytes, passed by value).
// NOTE(review): the ModRM/SIB decoders read a dword through a pointer into this
// array without a range check, so a ModRM/SIB index near the end of the array
// reads past it -- callers must keep modrmbyte/sibbyte small enough.
type TMemory = array [0..23] of byte;

// Register name for a plain 3-bit register number (0..7):
// 32-bit (eax..edi), 8-bit (al..bh) and 16-bit (ax..di) names respectively.
function rd(bt: byte): string;
function rd8(bt:byte): string;
function rd16(bt:byte): string;

// Register name selected by the REG field of the ModRM byte 'bt'
// (8-bit, 16-bit, 32-bit, MMX, SSE, segment, control and debug registers).
function r8(bt:byte): string;
function r16(bt:byte): string;
function r32(bt:byte): string;
function mm(bt:byte): string;
function xmm(bt:byte): string;
function sreg(bt:byte): string;
function CR(bt:byte):string;
function DR(bt:byte):string;



// Returns bit number 'bit' (0..31) of Bt as 0 or 1.
function GetBitOf(Bt: dword; bit: integer): byte;
// Segment-override text ('CS:', 'ES:', 'SS:', 'FS:', 'GS:') for the prefixes in
// 'prefix'; the DS override gives '' because DS is the default segment.
function getsegmentoverride(prefix: TPrefix): string;
// ModRM field extraction: mod = bits 7..6, reg = bits 5..3, rm = bits 2..0.
function getmod(bt: byte): byte;
function getRM(bt: byte): byte;
function getREG(bt: byte): byte;

// Decodes the SIB byte at memory[sibbyte] into 'base+index' text (mod=0 with
// base 5 emits a disp32 instead of EBP). 'last' receives the index of the first
// byte after the SIB byte and any displacement it consumed.
function SIB(memory:TMemory; sibbyte: integer; var last: dword): string;
// Decodes the ModRM operand at memory[modrmbyte] into operand text ending in ','
// (e.g. '[EAX+00000010],' or 'ECX,'). For mod=3, 'inst' picks the register
// width: 0=32-bit, 1=16-bit, 2=8-bit, 3=MM, 4=XMM. 'last' receives the index of
// the first byte after the ModRM byte, SIB byte and displacement.
// The implementation section also defines a second, unit-internal overload that
// additionally takes an operand size and prepends 'byte ptr' etc.
function MODRM(memory:TMemory; prefix: TPrefix; modrmbyte: integer; inst: integer; var last: dword): string;

// Disassemble the instruction at 'offset' (implemented later in this unit);
// 'offset' is advanced past it. The second form also returns a description.
function disassemble(var offset: dword): string; overload;
function disassemble(var offset: dword; var description: string): string; overload;

// Address of the opcode preceding 'address' (implemented later in this unit).
function previousopcode(address: dword):dword;
//function translatestring(disassembled: string; numberofbytes: integer; showvalues: boolean):string;
// Splits a disassembled line into its address/bytes/opcode/special parts
// (implemented later in this unit).
function translatestring(disassembled: string; numberofbytes: integer; showvalues: boolean; var address: string; var bytes: string; var opcode: string; var special:string):string;

// Hex text of 'address' padded to 'chars' digits (the decoders use 2 and 8).
function inttohexs(address:dword;chars: integer):string;

// NOTE(review): not referenced in the visible part of this unit.
var mode16: boolean;

implementation

//implementation-only dependencies; don't use these from other units
{$ifndef net}
{$ifndef standalonetrainer}
uses assemblerunit,debugger, StrUtils;
{$endif}
{$endif}


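// 32-bit register name for a 3-bit register number.
// bt: register number 0..7. Returns 'eax'..'edi', or '' when bt is out of
// range (the original left Result undefined for values above 7).
function rd(bt:byte):string;
const
  names: array [0..7] of string = ('eax','ecx','edx','ebx','esp','ebp','esi','edi');
begin
  if bt<=7 then
    result:=names[bt]
  else
    result:='';
end;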


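// 8-bit register name for a 3-bit register number.
// bt: register number 0..7. Returns 'al'..'bh', or '' when bt is out of
// range (the original left Result undefined for values above 7).
function rd8(bt:byte): string;
const
  names: array [0..7] of string = ('al','cl','dl','bl','ah','ch','dh','bh');
begin
  if bt<=7 then
    result:=names[bt]
  else
    result:='';
end;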


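// 16-bit register name for a 3-bit register number.
// bt: register number 0..7. Returns 'ax'..'di', or '' when bt is out of
// range (the original left Result undefined for values above 7).
function rd16(bt:byte):string;
const
  names: array [0..7] of string = ('ax','cx','dx','bx','sp','bp','si','di');
begin
  if bt<=7 then
    result:=names[bt]
  else
    result:='';
end;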


// 8-bit register named by the REG field of ModRM byte 'bt'.
// getreg always yields 0..7, so the table lookup cannot go out of range.
function r8(bt:byte): string;
const
  names: array [0..7] of string = ('al','cl','dl','bl','ah','ch','dh','bh');
begin
  result:=names[getreg(bt)];
end;

// 16-bit register named by the REG field of ModRM byte 'bt'.
// getreg always yields 0..7, so the table lookup cannot go out of range.
function r16(bt:byte): string;
const
  names: array [0..7] of string = ('ax','cx','dx','bx','sp','bp','si','di');
begin
  result:=names[getreg(bt)];
end;

// 32-bit register named by the REG field of ModRM byte 'bt'.
// getreg always yields 0..7, so the table lookup cannot go out of range.
function r32(bt:byte): string;
const
  names: array [0..7] of string = ('eax','ecx','edx','ebx','esp','ebp','esi','edi');
begin
  result:=names[getreg(bt)];
end;

// SSE register 'XMM0'..'XMM7' named by the REG field of ModRM byte 'bt'.
function xmm(bt:byte): string;
begin
  result:='XMM'+IntToStr(getreg(bt));
end;

// MMX register 'MM0'..'MM7' named by the REG field of ModRM byte 'bt'.
function mm(bt:byte): string;
begin
  result:='MM'+IntToStr(getreg(bt));
end;

// Segment register named by the REG field of ModRM byte 'bt'.
// Encodings 6 and 7 do not correspond to a real segment register; the
// original placeholder names 'HS'/'IS' are kept so output stays unchanged.
function sreg(bt:byte): string;
const
  names: array [0..7] of string = ('ES','CS','SS','DS','FS','GS','HS','IS');
begin
  result:=names[getreg(bt)];
end;

// Control register 'CR0'..'CR7' named by the REG field of ModRM byte 'bt'.
function CR(bt:byte):string;
begin
  result:='CR'+IntToStr(getreg(bt));
end;

// Debug register 'DR0'..'DR7' named by the REG field of ModRM byte 'bt'.
function DR(bt:byte):string;
begin
  result:='DR'+IntToStr(getreg(bt));
end;



// Returns bit number 'bit' (0..31) of the 32-bit value Bt as 0 or 1.
// Shift the wanted bit down to position 0 and mask everything else away.
// (The earlier '(bt shl (7-bit)) shr 7' attempt only works for an 8-bit
// value: with a 32-bit Bt the bits above the target survive the right shift.)
function GetBitOf(Bt: dword; bit: integer): byte;
begin
  result:=(bt shr bit) and 1;
end;

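// Segment-override text for the prefix bytes in 'prefix'.
// Returns 'CS:', 'ES:', 'SS:', 'FS:' or 'GS:'; the DS override ($3e) and the
// absence of any override both give '' (DS is the default segment).
// Result is initialised up front: the original left it undefined when no
// override prefix was present.
function getsegmentoverride(prefix: TPrefix): string;
begin
  result:='';
  // Priority order is kept from the original in case several prefixes are set.
  if $2e in prefix then result:='CS:' else
  if $26 in prefix then result:='ES:' else
  if $36 in prefix then result:='SS:' else
  if $3e in prefix then result:='' else
  if $64 in prefix then result:='FS:' else
  if $65 in prefix then result:='GS:';
end;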

// mod field of a ModRM byte: bits 7..6 (a byte shifted right by 6 is already 0..3).
function getmod(bt: byte): byte;
begin
  result:=bt shr 6;
end;

// rm field of a ModRM byte: the low three bits (0..7).
function getRM(bt: byte): byte;
begin
  result:=bt mod 8;
end;

// reg field of a ModRM byte: bits 5..3 (0..7).
function getREG(bt: byte): byte;
begin
  result:=(bt and $38) shr 3;
end;


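// Formats an 8-bit displacement as a signed offset: '+xx' for 0..$7F,
// '-xx' (two's complement magnitude) for $80..$FF.
function modrmDisp8(d: byte): string;
begin
  if d<=$7F then
    result:='+'+inttohexs(d,2)
  else
    result:='-'+inttohexs($100-d,2);
end;

// Formats a 32-bit displacement as a signed offset: '+xxxxxxxx' for
// 0..$7FFFFFFF, '-xxxxxxxx' (two's complement magnitude) above that.
function modrmDisp32(d: dword): string;
begin
  if d<=$7FFFFFFF then
    result:='+'+inttohexs(d,8)
  else
    result:='-'+inttohexs($100000000-d,8);
end;

// Decodes the ModRM operand whose ModRM byte is memory[modrmbyte].
//   memory     instruction bytes
//   prefix     prefix bytes seen before the opcode (segment override, $67)
//   modrmbyte  index of the ModRM byte in 'memory'
//   inst       register width for mod=3: 0=32-bit, 1=16-bit, 2=8-bit, 3=MM, 4=XMM
//   last       receives the index of the first byte after the ModRM byte,
//              the SIB byte (if any) and the displacement (if any)
// Returns operand text ending in ',', e.g. '[EAX],', 'CS:[ESI-00000010],',
// '[EAX+EAX+10],' or 'EDX,'. Returns '' for the 16-bit address-size form
// ($67 prefix, not decoded) and for an 'inst' outside 0..4; the original left
// Result undefined in both cases.
// Fix: the SIB form with a negative disp32 (mod=2, rm=4) printed '+' where
// every other negative displacement prints '-'.
// NOTE(review): the dword reads through 'dwordptr' are not range-checked, so
// a modrmbyte (or SIB position) within 4 bytes of the end of 'memory' reads
// past the array -- the caller must bound modrmbyte.
function MODRM2(memory:TMemory; prefix: TPrefix; modrmbyte: integer; inst: integer; var last: dword): string;
const
  // 32-bit base register by rm field (rm=4 is SIB, rm=5 with mod=0 is disp32).
  base32: array [0..7] of string = ('EAX','ECX','EDX','EBX','ESP','EBP','ESI','EDI');
  // Register operand for mod=3, indexed by inst (width class) then rm.
  regs: array [0..4, 0..7] of string = (
    ('EAX','ECX','EDX','EBX','ESP','EBP','ESI','EDI'),
    ('AX','CX','DX','BX','SP','BP','SI','DI'),
    ('AL','CL','DL','BL','AH','CH','DH','BH'),
    ('MM0','MM1','MM2','MM3','MM4','MM5','MM6','MM7'),
    ('XMM0','XMM1','XMM2','XMM3','XMM4','XMM5','XMM6','XMM7'));
var
  dwordptr: ^dword;
  rm: byte;
  seg: string;
begin
  dwordptr:=@memory[modrmbyte+1];
  last:=modrmbyte+1;
  result:='';

  if $67 in prefix then
  begin
    // 16-bit addressing: this is a 32-bit-only disassembler, so the operand
    // is not decoded; Result stays '' and 'last' points just past the ModRM byte.
    exit;
  end;

  rm:=getrm(memory[modrmbyte]);
  seg:=getsegmentoverride(prefix);

  case getmod(memory[modrmbyte]) of
    0:  // [base] / [SIB] / [disp32]
        case rm of
          4: result:=seg+'['+sib(memory,modrmbyte+1,last)+'],';
          5: begin
               result:=seg+'['+inttohexs(dwordptr^,8)+'],';
               last:=last+4;
             end;
        else
          result:=seg+'['+base32[rm]+'],';
        end;

    1:  // [base+disp8] / [SIB+disp8]
        begin
          if rm=4 then
          begin
            // sib() updates 'last' to the displacement position; keep the two
            // statements separate so that update happens before memory[last] is read.
            result:=seg+'['+sib(memory,modrmbyte+1,last);
            result:=result+modrmDisp8(memory[last])+'],';
          end
          else
            result:=seg+'['+base32[rm]+modrmDisp8(memory[modrmbyte+1])+'],';
          inc(last);
        end;

    2:  // [base+disp32] / [SIB+disp32]
        begin
          if rm=4 then
          begin
            result:=seg+'['+sib(memory,modrmbyte+1,last);
            dwordptr:=@memory[last];
            result:=result+modrmDisp32(dwordptr^)+'],';
          end
          else
            result:=seg+'['+base32[rm]+modrmDisp32(dwordptr^)+'],';
          inc(last,4);
        end;

    3:  // register operand; 'inst' selects the register width class
        if (inst>=0) and (inst<=4) then
          result:=regs[inst,rm]+',';
  end;
end;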


// Decodes the ModRM operand at memory[modrmbyte] without a size prefix.
// Plain pass-through to MODRM2; see there for the meaning of 'inst' and 'last'.
function MODRM(memory:TMemory; prefix: TPrefix; modrmbyte: integer; inst: integer; var last: dword): string; overload;
var
  operand: string;
begin
  operand:=modrm2(memory,prefix,modrmbyte,inst,last);
  result:=operand;
end;

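// Decodes the ModRM operand at memory[modrmbyte] and, for memory operands,
// prepends a size qualifier chosen by 'opperandsize' (8/16/32/64/80/128 bits).
// Register operands and unknown sizes are returned unchanged.
// Fix: the memory-operand test used to require '[' at position 1, so operands
// carrying a segment override ('CS:[...') never received the size prefix.
// Register operands never contain '[', so searching for it anywhere is safe.
function MODRM(memory:TMemory; prefix: TPrefix; modrmbyte: integer; inst: integer; var last: dword;opperandsize:integer): string; overload;
begin
  result:=modrm2(memory,prefix,modrmbyte,inst,last);
  if pos('[',result)>0 then
  begin
    case opperandsize of
     8 : result:='byte ptr '+result;
     16: result:='word ptr '+result;
     32: result:='dword ptr '+result;
     64: result:='qword ptr '+result;
     80: result:='tword ptr '+result;
     128: result:='dqword ptr '+result;
    end;
  end;
end;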

function SIB(memory:TMemory; sibbyte: integer; var last: dword): string;
var dwordptr: ^dword;
begin
  case memory[sibbyte] of
   $00 : begin
           result:='EAX+EAX';
           last:=sibbyte+1;
         end;

   $01 : begin
           result:='ECX+EAX';
           last:=sibbyte+1;
         end;

   $02 : begin
           result:='EDX+EAX';
           last:=sibbyte+1;
         end;

   $03 : begin
           result:='EBX+EAX';
           last:=sibbyte+1;
         end;

   $04 : begin
           result:='ESP+EAX';
           last:=sibbyte+1;
         end;

   $05 : begin
            dwordptr:=@memory[sibbyte+1];
            case getmod(memory[sibbyte-1]) of
              0 : begin
                    last:=sibbyte+5;
                    result:='EAX+'+inttohexs(dwordptr^,8);
                  end;

              1 : begin
                    last:=sibbyte+1;
                    result:='EBP+EAX';
                  end;

              2 : begin
                    last:=sibbyte+1;
                    result:='EBP+EAX';
                  end;

              3 : begin
                    result:='error';
                  end;
            end;
         end;

   $06 : begin
           result:='ESI+EAX';
           last:=sibbyte+1;
         end;

   $07 : begin
           result:='EDI+EAX';
           last:=sibbyte+1;
         end;
      //--------------
   $08 : begin
           result:='EAX+ECX';
           last:=sibbyte+1;
         end;
