case 0x84: case 0x85:
{
    /* TEST r/m,reg (0x84 byte, 0x85 word/dword).  Bit 1 of the opcode is
     * the direction flag, bit 0 the width flag.  ParseRegModRM presumably
     * decodes the ModRM byte(s) into operand1/operand2; it returns the
     * pointer advanced past whatever it consumed.  No check against the end
     * of the input buffer is visible in this case — TODO confirm the caller
     * guarantees enough bytes. */
    Instruction->Opcode = *currentCode;
    Instruction->dFlag = (*currentCode >>1) & 1;
    Instruction->wFlag = (*currentCode) & 1;
    sprintf(mnemonic, "%s", "test");
    currentCode++;
    currentCode = ParseRegModRM(currentCode, Instruction, operand1, operand2);
    break;
}
/* xchg */
case 0x86: case 0x87:
{
    /* XCHG r/m,reg (0x86 byte, 0x87 word/dword).  Same flag layout and
     * ModRM decoding as the 0x84/0x85 TEST case; only the mnemonic differs.
     * The d flag is recorded although XCHG is symmetric — what
     * ParseRegModRM does with it is not visible here. */
    Instruction->Opcode = *currentCode;
    Instruction->dFlag = (*currentCode >>1) & 1;
    Instruction->wFlag = (*currentCode) & 1;
    sprintf(mnemonic, "%s", "xchg");
    currentCode++;
    currentCode = ParseRegModRM(currentCode, Instruction, operand1, operand2);
    break;
}
case 0x90:
{
    /* NOP, or PAUSE when RepeatPrefix == 1 (F3 90 is PAUSE; the value 1 is
     * presumably how the prefix parser records an F3 prefix — the encoding
     * of RepeatPrefix is not visible here).  No operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", Instruction->RepeatPrefix == 1 ? "pause" : "nop");
    currentCode++;
    break;
}
case 0x91: case 0x92: case 0x93: case 0x94: case 0x95: case 0x96: case 0x97:
{
    /* XCHG reg,eAX: the register is encoded in the low three bits of the
     * opcode.  OperandPrefix >= 0 selects the 16-bit register names (ax),
     * otherwise the 32-bit ones (eax).  Single-byte instruction, so only
     * the opcode byte is read. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", "xchg");
    sprintf(operand1, "%s", Instruction->OperandPrefix >= 0 ? Register16[*currentCode & 7] : Register32[*currentCode & 7]);
    sprintf(operand2, "%s", Instruction->OperandPrefix >= 0 ? "ax" :"eax");
    currentCode++;
    break;
}
/* mov */
case 0x88: case 0x89: case 0x8A: case 0x8B:
{
    /* MOV between a register and r/m.  Bit 1 of the opcode (d) chooses which
     * side is the destination, bit 0 (w) the width; both are recorded for
     * ParseRegModRM, which presumably renders the operands accordingly and
     * returns the pointer advanced past the ModRM bytes it consumed. */
    Instruction->Opcode = *currentCode;
    Instruction->dFlag = (*currentCode >>1) & 1;
    Instruction->wFlag = (*currentCode) & 1;
    sprintf(mnemonic, "%s", "mov");
    currentCode++;
    currentCode = ParseRegModRM(currentCode, Instruction, operand1, operand2);
    break;
}
case 0x8C: case 0x8E:
{
    /* MOV r/m16,Sreg (0x8C, d == 0) and MOV Sreg,r/m16 (0x8E, d == 1).
     * The segment register index is bits 3-5 of the ModRM byte, which is
     * read here directly before ParseModRM consumes the same byte for the
     * r/m side.  The Sreg text goes to operand1 when d is set, else to
     * operand2; the r/m text goes to the other buffer. */
    Instruction->Opcode = *currentCode;
    Instruction->dFlag = (*currentCode >> 1) & 1;
    /* Special case: segment registers are 16 bits wide, so the operand size
     * is forced to word (OperandPrefix = 0, wFlag = 1) — presumably so that
     * ParseModRM renders the r/m side as a word.  Note this overwrites
     * OperandPrefix for anything after this case that still reads it. */
    Instruction->OperandPrefix = 0;
    Instruction->wFlag = 1;
    sprintf(mnemonic, "%s", "mov");
    currentCode++;
    sprintf(Instruction->dFlag ? operand1 : operand2, "%s", SegmentRegisters[(*currentCode >> 3) & 7]);
    currentCode = ParseModRM(currentCode, Instruction, Instruction->dFlag ? operand2 : operand1);
    break;
}
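case 0xA0: case 0xA1: case 0xA2: case 0xA3:
{
    /* MOV AL/AX/EAX <-> [moffs]: a four-byte absolute offset follows the
     * opcode (this case always consumes four bytes; a 16-bit address-size
     * form is not distinguished here).  Bit 1 of the opcode is the direction
     * (set: accumulator is the source, memory operand goes to operand1),
     * bit 0 the width.  The offset is copied out with memcpy instead of
     * dereferencing an unsigned int* so the read is neither misaligned nor a
     * strict-aliasing violation; the value is unchanged.  No check that four
     * bytes remain in the input buffer is visible here — TODO confirm the
     * caller guarantees it. */
    unsigned int moffs;
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    Instruction->dFlag = (*currentCode >> 1) & 1;
    sprintf(mnemonic, "%s", "mov");
    currentCode++;
    memcpy(&moffs, currentCode, sizeof moffs);
    sprintf(Instruction->dFlag ? operand1 : operand2, "%s%s%s[%X]",
            Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? "word ptr " : "dword ptr ") : "byte ptr ",
            Instruction->SegmentPrefix >= 0 ? SegmentRegisters[Instruction->SegmentPrefix] : "",
            Instruction->SegmentPrefix >= 0 ? ":" : "",
            moffs);
    sprintf(Instruction->dFlag ? operand2 : operand1, "%s", Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? "ax" : "eax") : "al");
    currentCode += 4;
    break;
}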
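case 0xB0: case 0xB1: case 0xB2: case 0xB3: case 0xB4: case 0xB5: case 0xB6: case 0xB7:
case 0xB8: case 0xB9: case 0xBA: case 0xBB: case 0xBC: case 0xBD: case 0xBE: case 0xBF:
{
    /* MOV r8,imm8 (B0-B7) / MOV r16|32,imm16|32 (B8-BF).  Bit 3 of the
     * opcode is the width flag and the low three bits select the register.
     * sFlag is the inverse of wFlag, so it is clear for the wide forms —
     * presumably telling ParseImmediate to read a full 16/32-bit immediate.
     * The register name is passed as a "%s" argument rather than as the
     * format string itself (the original did the latter), so a table entry
     * can never be interpreted as a conversion specification. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = (*currentCode >>3) & 1;
    Instruction->sFlag = !(Instruction->wFlag);
    sprintf(mnemonic, "%s", "mov");
    sprintf(operand1, "%s", Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? Register16[*currentCode & 7] : Register32[*currentCode & 7]) : Register8[*currentCode & 7]);
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    break;
}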
/* lea */
case 0x8D:
{
    /* LEA reg,m.  wFlag is taken from bit 0 of the opcode (always 1 for
     * 0x8D).  dFlag is forced to 1 because LEA has no memory-destination
     * form: the register is always the destination. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = (*currentCode) & 1;
    /* Special case: the register side is always the destination. */
    Instruction->dFlag = 1;
    sprintf(mnemonic, "%s", "lea");
    currentCode++;
    currentCode = ParseRegModRM(currentCode, Instruction, operand1, operand2);
    break;
}
/* cbw, cwd, cwde, cdq*/
case 0x98:
{
    /* CBW under a 16-bit operand size (OperandPrefix >= 0), CWDE otherwise.
     * No operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", Instruction->OperandPrefix >= 0 ? "cbw" : "cwde");
    currentCode++;
    break;
}
case 0x99:
{
    /* CWD under a 16-bit operand size (OperandPrefix >= 0), CDQ otherwise.
     * No operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", Instruction->OperandPrefix >= 0 ? "cwd" : "cdq");
    currentCode++;
    break;
}
/* call far ptr16 : 32 */
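case 0x9A:
{
    /* CALL ptr16:32 (far, absolute).  The offset is read first into
     * operand1 and the selector second into operand2; OperandPrefix is
     * forced to 0 between the two ParseImmediate calls — presumably so the
     * selector is read as a 16-bit word.  That assignment also affects
     * anything after this case that still reads OperandPrefix.  The two
     * halves are joined in operand3 and copied back into operand1 with
     * snprintf, which always NUL-terminates; the original strncpy left
     * operand1 unterminated whenever the text reached MAX_OPERAND_LEN
     * (the bound the original used, so operand1 is assumed to hold that
     * many bytes). */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 0;
    sprintf(mnemonic, "%s", "call");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand1);
    Instruction->OperandPrefix = 0;
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    sprintf(operand3, "far %s : %s", operand2, operand1);
    snprintf(operand1, MAX_OPERAND_LEN, "%s", operand3);
    *operand2 = '\0';
    *operand3 = '\0';
    break;
}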
/* wait */
case 0x9B:
{
    /* WAIT (FWAIT).  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", "wait");
    currentCode++;
    break;
}
/* lahf and sahf */
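case 0x9E:
{
    /* SAHF (store AH into flags).  The original printed "ashf", which is
     * not an x86 mnemonic; 0x9E is SAHF and 0x9F (next case) is LAHF. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", "sahf");
    currentCode++;
    break;
}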
case 0x9F:
{
    /* LAHF (load flags into AH).  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", "lahf");
    currentCode++;
    break;
}
/* string operations */
case 0xA4: case 0xA5: case 0xA6: case 0xA7:
case 0xAA: case 0xAB: case 0xAC: case 0xAD: case 0xAE: case 0xAF:
{
    /* String instructions (movs/cmps/stos/lods/scas).  The base mnemonic is
     * taken from StrMnemonic indexed by opcode bits 1-3, then suffixed with
     * the operand size: 'b' for the byte form (bit 0 clear), 'w' or 'd' for
     * the wide form depending on OperandPrefix.  Any rep/repe/repne prefix
     * (RepeatPrefix > 0) is rendered into the prefix buffer from
     * RepeatPrefixes; a value of 0 prints nothing.  0xA8/0xA9 (TEST) sit in
     * this range but are handled by their own case. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    sprintf(prefix, "%s", Instruction->RepeatPrefix > 0 ? RepeatPrefixes[Instruction->RepeatPrefix] : "");
    sprintf(mnemonic, "%s%c", StrMnemonic[(*currentCode >> 1) & 7], Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? 'w' : 'd') : 'b');
    currentCode++;
    break;
}
/* test */
case 0xA8: case 0xA9:
{
    /* TEST AL,imm8 (0xA8) / TEST AX|EAX,imm16|32 (0xA9).  sFlag is the
     * inverse of the width bit — presumably so ParseImmediate reads an imm8
     * for the byte form and a full-width immediate otherwise.  The
     * accumulator name depends on wFlag and OperandPrefix. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    Instruction->sFlag = !(*currentCode & 1);
    sprintf(mnemonic, "%s", "test");
    sprintf(operand1, "%s", Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? "ax" : "eax") : "al");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    break;
}
/* logical shift */
case 0xC0: case 0xC1:
{
    /* Shift/rotate group 2 with an imm8 count: r/m8,imm8 (0xC0) and
     * r/m16|32,imm8 (0xC1).  The actual operation comes from bits 3-5 of
     * the ModRM byte, which is peeked here after stepping past the opcode
     * and before ParseModRM consumes it.  sFlag = 1 presumably makes
     * ParseImmediate read a single byte for the count.  The peek at
     * *currentCode has no visible bounds check — TODO confirm. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    Instruction->sFlag = 1;
    currentCode++;
    sprintf(mnemonic, "%s", LogicalShiftMnemonic[(*currentCode >> 3) & 7]);
    currentCode = ParseModRM(currentCode, Instruction, operand1);
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    break;
}
/* retn */
case 0xC2 :
{
    /* RETN imm16 (near return, pop imm16 bytes).  sFlag = 0 and
     * OperandPrefix = 0 are set before ParseImmediate — presumably so the
     * stack-adjust is read as an unsigned 16-bit word regardless of any
     * operand-size prefix.  The OperandPrefix write persists for anything
     * after this case that still reads it. */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 0;
    Instruction->OperandPrefix = 0;
    sprintf(mnemonic, "retn");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand1);
    break;
}
case 0xC3:
{
    /* RETN (near return, no stack adjust).  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "retn");
    currentCode++;
    break;
}
/* les, lds */
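case 0xC4:
{
    /* LES r16|32,m16:16|32.  Decoded as a register/ModRM pair with the
     * register as destination (d = 1, w = 1); the memory operand's size
     * word is then rewritten to "dword" (16:16 far pointer) or "fword"
     * (16:32) by keeping operand2 from "ptr" onwards.  strstr returns NULL
     * when operand2 contains no "ptr" — presumably when the r/m side decoded
     * to a bare register, which is not a valid LES encoding — and the
     * original passed that NULL to "%s"; operand2 is now left as decoded in
     * that case. */
    const char *ptrText;
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = 1;
    Instruction->dFlag = 1;
    sprintf(mnemonic, "les");
    currentCode++;
    currentCode = ParseRegModRM(currentCode, Instruction, operand1, operand2);
    ptrText = strstr(operand2, "ptr");
    if (ptrText != NULL)
    {
        sprintf(operand3, "%s%s", Instruction->OperandPrefix >= 0 ? "dword " : "fword ", ptrText);
        sprintf(operand2, "%s", operand3);
        *operand3 = '\0';
    }
    break;
}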
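case 0xC5:
{
    /* LDS r16|32,m16:16|32.  Identical to the LES case apart from the
     * mnemonic: register destination (d = 1, w = 1), then the memory
     * operand's size word is rewritten to "dword"/"fword" by keeping operand2
     * from "ptr" onwards.  strstr returns NULL when operand2 contains no
     * "ptr" — presumably a bare-register r/m, not a valid LDS encoding — and
     * the original passed that NULL to "%s"; operand2 is now left as decoded
     * in that case. */
    const char *ptrText;
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = 1;
    Instruction->dFlag = 1;
    sprintf(mnemonic, "lds");
    currentCode++;
    currentCode = ParseRegModRM(currentCode, Instruction, operand1, operand2);
    ptrText = strstr(operand2, "ptr");
    if (ptrText != NULL)
    {
        sprintf(operand3, "%s%s", Instruction->OperandPrefix >= 0 ? "dword " : "fword ", ptrText);
        sprintf(operand2, "%s", operand3);
        *operand3 = '\0';
    }
    break;
}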
case 0xC6: case 0xC7:
{
    /* MOV r/m8,imm8 (0xC6) / MOV r/m16|32,imm16|32 (0xC7).  sFlag is the
     * inverse of the width bit (the expression below is just !wFlag) —
     * presumably so ParseImmediate reads an imm8 for the byte form and a
     * full-width immediate otherwise.  The ModRM reg field (should be /0)
     * is not validated here. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    Instruction->sFlag = ((*currentCode & 1) ^ 1) & 1;
    sprintf(mnemonic, "mov");
    currentCode++;
    currentCode = ParseModRM(currentCode, Instruction, operand1);
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    break;
}
/* enter leave */
case 0xC8:
{
    /* ENTER imm16,imm8.  The first ParseImmediate runs with sFlag = 0 and
     * OperandPrefix = 0 (presumably: read a 16-bit frame size), the second
     * with sFlag = 1 (presumably: read the one-byte nesting level).  The
     * OperandPrefix write persists for anything after this case that still
     * reads it. */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 0;
    Instruction->OperandPrefix = 0;
    sprintf(mnemonic, "enter");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand1);
    Instruction->sFlag = 1;
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    break;
}
case 0xC9:
{
    /* LEAVE.  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "leave");
    currentCode++;
    break;
}
/* retx */
case 0xCA:
{
    /* RETF imm16 (far return, pop imm16 bytes).  Same immediate set-up as
     * the 0xC2 RETN case: sFlag = 0 and OperandPrefix = 0 before
     * ParseImmediate, presumably to read an unsigned 16-bit word.  The
     * OperandPrefix write persists beyond this case. */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 0;
    Instruction->OperandPrefix = 0;
    sprintf(mnemonic, "retf");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand1);
    break;
}
case 0xCB:
{
    /* RETF (far return, no stack adjust).  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "retf");
    currentCode++;
    break;
}
/* int */
case 0xCC:
{
    /* INT3 (one-byte breakpoint).  No operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "int3");
    currentCode++;
    break;
}
case 0xCD:
{
    /* INT imm8.  sFlag = 1 presumably makes ParseImmediate read a single
     * byte for the vector number. */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 1;
    sprintf(mnemonic, "int");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand1);
    break;
}
case 0xCE:
{
    /* INTO (interrupt on overflow).  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "into");
    currentCode++;
    break;
}
case 0xCF:
{
    /* IRET: printed as "iretw" under a 16-bit operand size
     * (OperandPrefix >= 0), "iretd" otherwise.  No operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s%c", "iret", Instruction->OperandPrefix >= 0 ? 'w' : 'd');
    currentCode++;
    break;
}
/* rol ror rcl rcr shl sal shr shl sar */
case 0xD0: case 0xD1:
{
    /* Shift/rotate group 2 by 1: r/m8,1 (0xD0) and r/m16|32,1 (0xD1).
     * The operation comes from bits 3-5 of the ModRM byte, peeked after the
     * opcode and before ParseModRM consumes it; the count operand is the
     * literal "1".  The peek at *currentCode has no visible bounds check —
     * TODO confirm. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    currentCode++;
    sprintf(mnemonic, "%s", LogicalShiftMnemonic[(*currentCode >> 3) & 7]);
    currentCode = ParseModRM(currentCode, Instruction, operand1);
    sprintf(operand2, "1");
    break;
}
case 0xD2: case 0xD3:
{
    /* Shift/rotate group 2 by CL: r/m8,cl (0xD2) and r/m16|32,cl (0xD3).
     * Same decoding as 0xD0/0xD1 except the count operand is "cl". */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    currentCode++;
    sprintf(mnemonic, "%s", LogicalShiftMnemonic[(*currentCode >> 3) & 7]);
    currentCode = ParseModRM(currentCode, Instruction, operand1);
    sprintf(operand2, "cl");
    break;
}
/* aam aad */
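case 0xD4: case 0xD5:
{
    /* AAM (0xD4) / AAD (0xD5), each followed by an imm8 base.  The default
     * base 0x0A is consumed silently so the bare mnemonic is printed; any
     * other base is emitted as an explicit operand (sFlag = 1 presumably
     * makes ParseImmediate read one byte).  The mnemonic table entry is
     * passed as a "%s" argument instead of being used as the format string
     * (the original did the latter), so a table entry can never be read as
     * a conversion specification.  The look-ahead at *currentCode has no
     * visible bounds check — TODO confirm the caller guarantees the byte. */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 1;
    sprintf(mnemonic, "%s", BCDAdjustMnemonic[*currentCode & 7]);
    currentCode++;
    if(*currentCode == 0x0A)
    {
        currentCode++;
    }
    else
    {
        currentCode = ParseImmediate(currentCode, Instruction, operand1);
    }
    break;
}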
/* setalc */
case 0xD6:
{
    /* SALC (undocumented: set AL from carry).  Single byte, no operands. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "salc");
    currentCode++;
    break;
}
case 0xD7:
{
    /* XLAT.  The implicit operand is rendered as "byte ptr [seg:][ebx + al]",
     * with the segment override taken from SegmentPrefix when one is present
     * (>= 0).  The base is always printed as ebx; the 16-bit form (bx) is not
     * distinguished here. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "xlat");
    sprintf(operand1, "byte ptr %s%s[ebx + al]", Instruction->SegmentPrefix >= 0 ? SegmentRegisters[Instruction->SegmentPrefix] : "", Instruction->SegmentPrefix >= 0 ? ":" : "");
    currentCode++;
    break;
}
/* loopxx */
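case 0xE0: case 0xE1: case 0xE2:
{
    /* LOOPNE / LOOPE / LOOP rel8 (mnemonic from LoopMnemonic, indexed by
     * the low three bits of the opcode).  The branch target is
     * LinearAddress (apparently the address corresponding to Code, the
     * start of the buffer) plus the buffer offset of the byte after the
     * displacement plus the sign-extended rel8.  The displacement is read
     * through signed char explicitly: plain char is unsigned on some ABIs,
     * which would turn backward branches into large forward ones.  The sum
     * is cast to unsigned int to match "%X" whatever the width of
     * LinearAddress and ptrdiff_t; on a 32-bit build the printed value is
     * unchanged. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", LoopMnemonic[*currentCode & 7]);
    currentCode++;
    sprintf(operand1, "short %X", (unsigned int)(Instruction->LinearAddress + *((signed char*)currentCode) + currentCode - Code + 1));
    currentCode++;
    break;
}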
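case 0xE3:
{
    /* JCXZ/JECXZ rel8 (always printed as "jcxz").  Same target arithmetic
     * as the LOOP cases: LinearAddress plus the offset of the following byte
     * plus the sign-extended displacement, read through signed char so the
     * result does not depend on the signedness of plain char, and cast to
     * unsigned int to match "%X". */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "%s", "jcxz");
    currentCode++;
    sprintf(operand1, "short %X", (unsigned int)(Instruction->LinearAddress + *((signed char*)currentCode) + currentCode - Code + 1));
    currentCode++;
    break;
}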
/* in out */
case 0xE4: case 0xE5: case 0xE6: case 0xE7:
{
    /* IN acc,imm8 (0xE4/0xE5) and OUT imm8,acc (0xE6/0xE7).  Bit 1 of the
     * opcode set means OUT, in which case the port immediate is the first
     * operand and the accumulator the second; for IN the order is reversed.
     * Bit 0 selects al vs ax/eax.  sFlag = 1 presumably makes ParseImmediate
     * read a single byte for the port. */
    Instruction->Opcode = *currentCode;
    Instruction->dFlag = (*currentCode >> 1) & 1;
    Instruction->wFlag = *currentCode & 1;
    Instruction->sFlag = 1;
    currentCode++;
    sprintf(mnemonic, "%s", Instruction->dFlag ? "out" : "in");
    currentCode = ParseImmediate(currentCode, Instruction, Instruction->dFlag ? operand1 : operand2);
    sprintf(Instruction->dFlag ? operand2 : operand1, "%s", Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? "ax" : "eax") : "al");
    break;
}
case 0xEC: case 0xED: case 0xEE: case 0xEF:
{
    /* IN acc,dx (0xEC/0xED) and OUT dx,acc (0xEE/0xEF).  Same flag layout
     * as the immediate-port forms, but the port is always "dx" and no extra
     * bytes are consumed. */
    Instruction->Opcode = *currentCode;
    Instruction->wFlag = *currentCode & 1;
    Instruction->dFlag = (*currentCode >> 1) & 1;
    sprintf(mnemonic, "%s", Instruction->dFlag ? "out" : "in");
    sprintf(Instruction->dFlag ? operand2 : operand1, "%s", Instruction->wFlag ? (Instruction->OperandPrefix >= 0 ? "ax" : "eax") : "al");
    sprintf(Instruction->dFlag ? operand1 : operand2, "dx");
    currentCode++;
    break;
}
/* call, jmp */
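case 0xE8:
{
    /* CALL rel16|32 (near, relative).  The displacement follows the opcode
     * and is copied out with memcpy, avoiding the misaligned, strict-
     * aliasing-violating int* dereference of the original.  Under a 16-bit
     * operand size only two bytes are consumed: the original read a full
     * int and masked it, over-reading two bytes past the instruction.  The
     * 16-bit target is computed as in the original (low half of
     * LinearAddress plus the zero-extended rel16 plus the offset of the next
     * instruction, not wrapped to 16 bits) — TODO confirm that is the
     * intended rendering for backward 16-bit calls.  The original also
     * contained a no-op statement "Instruction->sFlag;": sFlag is not
     * assigned on this path — TODO confirm whether "= 0" was intended, as in
     * the 0x9A/0xEA far-branch cases.  No check that the displacement bytes
     * lie inside the buffer is visible here. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "call");
    currentCode++;
    if(Instruction->OperandPrefix >= 0)
    {
        unsigned short rel16;
        memcpy(&rel16, currentCode, sizeof rel16);
        sprintf(operand1, "%X", (unsigned int)((Instruction->LinearAddress & 0xFFFF) + rel16 + currentCode - Code + 2));
        currentCode += 2;
    }
    else
    {
        int rel32;
        memcpy(&rel32, currentCode, sizeof rel32);
        sprintf(operand1, "%X", (unsigned int)(Instruction->LinearAddress + rel32 + currentCode - Code + 4));
        currentCode += 4;
    }
    break;
}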
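case 0xE9:
{
    /* JMP rel16|32 (near, relative).  Identical to the 0xE8 CALL case apart
     * from the mnemonic: the displacement is copied out with memcpy (no
     * misaligned / aliasing int* dereference), only two bytes are read under
     * a 16-bit operand size instead of the original's masked four-byte
     * over-read, and the result is cast to unsigned int to match "%X".  The
     * original's no-op "Instruction->sFlag;" is dropped; sFlag is not
     * assigned on this path — TODO confirm whether "= 0" was intended. */
    Instruction->Opcode = *currentCode;
    sprintf(mnemonic, "jmp");
    currentCode++;
    if(Instruction->OperandPrefix >= 0)
    {
        unsigned short rel16;
        memcpy(&rel16, currentCode, sizeof rel16);
        sprintf(operand1, "%X", (unsigned int)((Instruction->LinearAddress & 0xFFFF) + rel16 + currentCode - Code + 2));
        currentCode += 2;
    }
    else
    {
        int rel32;
        memcpy(&rel32, currentCode, sizeof rel32);
        sprintf(operand1, "%X", (unsigned int)(Instruction->LinearAddress + rel32 + currentCode - Code + 4));
        currentCode += 4;
    }
    break;
}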
case 0xEA:
{
    /* JMP ptr16:32 (far, absolute).  Mirrors the 0x9A far CALL case: the
     * offset is read into operand2, OperandPrefix is forced to 0 (presumably
     * so the selector is read as a 16-bit word) and the selector into
     * operand3; both are then formatted into operand1 and the scratch
     * buffers cleared.  The OperandPrefix write persists beyond this case. */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 0;
    sprintf(mnemonic, "jmp");
    currentCode++;
    currentCode = ParseImmediate(currentCode, Instruction, operand2);
    Instruction->OperandPrefix = 0;
    currentCode = ParseImmediate(currentCode, Instruction, operand3);
    sprintf(operand1, "far %s:%s", operand3, operand2);
    *operand2 = '\0';
    *operand3 = '\0';
    break;
}
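case 0xEB:
{
    /* JMP rel8 (short).  Same target arithmetic as the 0xE0-0xE3 cases.
     * The displacement is read through signed char: the original
     * dereferenced currentCode directly, which — unless currentCode is
     * already a signed type — does not sign-extend and prints a wrong target
     * for every backward short jump (the sibling 0xE0-0xE3 cases cast to
     * char).  The sum is cast to unsigned int to match "%X". */
    Instruction->Opcode = *currentCode;
    Instruction->sFlag = 1;
    sprintf(mnemonic, "jmp");
    currentCode++;
    sprintf(operand1, "short %X", (unsigned int)(Instruction->LinearAddress + *((signed char*)currentCode) + currentCode - Code + 1));
    currentCode++;
    break;
}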
case 0xF1:
{