JumpSize=(BYTE)Opcode[i+1];
// Short Jump $+2
if((BYTE)Opcode[i+1]>0x7F)
JumpAddress=Disasm->Address + ((2 + PrefixesSize + JumpSize)-0x100);
else
JumpAddress=Disasm->Address + 2 + JumpSize +PrefixesSize;
GetJumpInstruction(Op,temp);
if(Op==0xE3 && AddrPrefix==1)
strcpy(temp,"jcxz");
wsprintf(menemonic,"%s %08X",temp,JumpAddress);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X%02X",Op,(BYTE)Opcode[i+1]);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=2;
Disasm->PrefixSize=PrefixesSize;
++(*Index);
}
break;
case 0x90: // NOP (XCHG EAX, EAX)
{
lstrcat(Disasm->Assembly,"nop");
lstrcat(Disasm->Opcode,"90");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x91:case 0x92: // XCHG XXX, XXX
case 0x93:case 0x94: // XCHG XXX, XXX
case 0x95:case 0x96: // XCHG XXX, XXX
case 0x97: // XCHG XXX, XXX
{
Mod_11_RM(1,1,&Opcode,&Disasm,"xchg",RegPrefix,Op,&Index);//+ 0x30
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x98: // CWDE/CDW (Prefix)
{
if(!RegPrefix)
lstrcat(Disasm->Assembly,"cwde");
else if(RegPrefix==1)
lstrcat(Disasm->Assembly,"cbw");
lstrcat(Disasm->Opcode,"98");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x99: // CWDE/CDW (Prefix)
{
if(!RegPrefix)
lstrcat(Disasm->Assembly,"cdq");
else if(RegPrefix==1)
lstrcat(Disasm->Assembly,"cwd");
lstrcat(Disasm->Opcode,"98");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x9A: case 0xEA: // CALL/JMP XXXX:XXXXXXXX (FAR CALL)
{
char temp[10];
switch(Op)
{
case 0x9A:strcpy(temp,"call");break;
case 0xEA:strcpy(temp,"jmp");break;
}
if(AddrPrefix==0)
{
SwapDword((BYTE*)(Opcode+i+1),&dwOp,&dwMem);
SwapWord((BYTE*)(Opcode+i+5),&wOp,&wMem);
wsprintf(menemonic,"%s %04X:%08X",temp,wMem,dwMem);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %08X %04X",Op,dwOp,wOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=7;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=6;
}
else
{
WORD w_op,w_mem;
SwapWord((BYTE*)(Opcode+i+3),&wOp,&wMem);
SwapWord((BYTE*)(Opcode+i+1),&w_op,&w_mem);
wsprintf(menemonic,"%s %04X:%08X",temp,wMem,w_mem);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %04X %04X",Op,w_op,wOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=5;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=4;
}
wsprintf(menemonic,"Far %s",temp);
strcpy(Disasm->Remarks,menemonic);
}
break;
case 0x9B: // WAIT
{
lstrcat(Disasm->Assembly,"wait");
lstrcat(Disasm->Opcode,"9B");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x9C: // PUSHFD/PUSHFW
{
if(!RegPrefix)
lstrcat(Disasm->Assembly,"pushfd");
else if(RegPrefix==1)
lstrcat(Disasm->Assembly,"pushfw");
lstrcat(Disasm->Opcode,"9C");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x9D: // POPFD/POPFW
{
if(!RegPrefix)
lstrcat(Disasm->Assembly,"popfd");
else if(RegPrefix==1)
lstrcat(Disasm->Assembly,"popfw");
lstrcat(Disasm->Opcode,"9D");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x9E: // SAHF
{
lstrcat(Disasm->Assembly,"sahf");
lstrcat(Disasm->Opcode,"9E");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0x9F: // LAHF
{
lstrcat(Disasm->Assembly,"lahf");
lstrcat(Disasm->Opcode,"9F");
Disasm->PrefixSize=PrefixesSize;
}
break;
case 0xA0:case 0xA2: // MOV AL, BYTE PTR XX:[XXXXXXXX], AL
{
if(!AddrPrefix)
{
SwapDword((BYTE*)(Opcode+i+1),&dwOp,&dwMem);
switch(Op)
{
case 0xA0:wsprintf(menemonic,"mov al, Byte ptr %s:[%08X]",Segs[SEG],dwMem);break;
case 0xA2:wsprintf(menemonic,"mov Byte ptr %s:[%08X], al",Segs[SEG],dwMem);break;
}
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %08X",Op,dwOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=5;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=4;
}
else
{
SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);
switch(Op)
{
case 0xA0:wsprintf(menemonic,"mov al, Byte ptr %s:[%04X]",Segs[SEG],wMem);break;
case 0xA2:wsprintf(menemonic,"mov Byte ptr %s:[%04X], al",Segs[SEG],wMem);break;
}
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %04X",Op,wOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=3;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=2;
}
}
break;
case 0xA1:case 0xA3: // MOV EAX/AX, BYTE PTR XX:[XXXXXXXX], EAX/AX
{
if(!AddrPrefix)// no addr size change
{
SwapDword((BYTE*)(Opcode+i+1),&dwOp,&dwMem);
switch(Op)
{
case 0xA1:wsprintf(menemonic,"mov %s, %s ptr %s:[%08X]",Regs[RM][0],RSize,Segs[SEG],dwMem);break;
case 0xA3:wsprintf(menemonic,"mov %s ptr %s:[%08X], %s",RSize,Segs[SEG],dwMem,Regs[RM][0]);break;
}
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %08X",Op,dwOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=5;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=4;
}
else if(AddrPrefix==1)
{
SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);
switch(Op) // change addr size DWORD->WORD
{
case 0xA1:wsprintf(menemonic,"mov %s, %s ptr %s:[%04X]",Regs[RM][0],RSize,Segs[SEG],wMem);break;
case 0xA3:wsprintf(menemonic,"mov %s ptr %s:[%04X], %s",RSize,Segs[SEG],wMem,Regs[RM][0]);break;
}
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %04X",Op,wOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=3;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=2;
}
}
break;
case 0xA4:case 0xA5: // MOVSB/MOVSW/MOVSD
{
if(RepPrefix==1 && (BYTE)Opcode[i-1]==0xF3)
strcpy(Disasm->Assembly,"rep ");
if((Op&0x0F)==0x04)
wsprintf(menemonic,"Byte ptr %s:[%s], Byte ptr %s:[%s]",Segs[SEG_ES],Regs[ADDRM][7],Segs[SEG],Regs[ADDRM][6]);
else if((Op&0x0F)==0x05)
wsprintf(menemonic,"%s ptr %s:[%s], %s ptr %s:[%s]",RSize,Segs[SEG_ES],Regs[ADDRM][7],RSize,Segs[SEG],Regs[ADDRM][6]);
lstrcat(Disasm->Assembly,"movs");
strcpy(Disasm->Remarks,menemonic);
wsprintf(menemonic,"%02X",Op);
lstrcat(Disasm->Opcode,menemonic);
Disasm->PrefixSize=PrefixesRSize;
}
break;
case 0xA6:case 0xA7: // CMPSB/CMPSW/CMPSD
{
if((Op&0x0F)==0x06)
{
if(RepPrefix==1)
wsprintf(menemonic,"Byte ptr %s:[%s], Byte ptr %s:[%s]",Segs[SEG_ES],Regs[ADDRM][7],Segs[SEG],Regs[ADDRM][6]);
else
wsprintf(menemonic,"Byte ptr %s:[%s], Byte ptr %s:[%s]",Segs[SEG],Regs[ADDRM][6],Segs[SEG_ES],Regs[ADDRM][7]);
}
else if((Op&0x0F)==0x07)
{
if(RepPrefix==1)
wsprintf(menemonic,"%s ptr %s:[%s], %s ptr %s:[%s]",RSize,Segs[SEG_ES],Regs[ADDRM][7],RSize,Segs[SEG],Regs[ADDRM][6]);
else
wsprintf(menemonic,"%s ptr %s:[%s], %s ptr %s:[%s]",RSize,Segs[SEG],Regs[ADDRM][6],RSize,Segs[SEG_ES],Regs[ADDRM][7]);
}
lstrcat(Disasm->Assembly,"cmps");
strcpy(Disasm->Remarks,menemonic);
wsprintf(menemonic,"%02X",Op);
lstrcat(Disasm->Opcode,menemonic);
Disasm->PrefixSize=PrefixesRSize;
}
break;
case 0xAA:case 0xAB: // STOSB/STOSW/STOSD
{
if(RepPrefix==1 && (BYTE)Opcode[i-1]==0xF3)
strcpy(Disasm->Assembly,"rep ");
if((Op&0x0F)==0x0A)
wsprintf(menemonic,"Byte ptr %s:[%s]",Segs[SEG_ES],Regs[ADDRM][7]);
else if((Op&0x0F)==0x0B)
wsprintf(menemonic,"%s ptr %s:[%s]",RSize,Segs[SEG_ES],Regs[ADDRM][7]);
lstrcat(Disasm->Assembly,"stos");
strcpy(Disasm->Remarks,menemonic);
wsprintf(menemonic,"%02X",Op);
lstrcat(Disasm->Opcode,menemonic);
Disasm->PrefixSize=PrefixesRSize;
}
break;
case 0xAC:case 0xAD: // LODSB/LODSW/LODSD
{
if(RepPrefix==1 && (BYTE)Opcode[i-1]==0xF3)
strcpy(Disasm->Assembly,"rep ");
if((Op&0x0F)==0x0C)
wsprintf(menemonic,"Byte ptr %s:[%s]",Segs[SEG_DS],Regs[ADDRM][6]);
else if((Op&0x0F)==0x0D)
wsprintf(menemonic,"%s ptr %s:[%s]",RSize,Segs[SEG_DS],Regs[ADDRM][6]);
lstrcat(Disasm->Assembly,"lods");
strcpy(Disasm->Remarks,menemonic);
wsprintf(menemonic,"%02X",Op);
lstrcat(Disasm->Opcode,menemonic);
Disasm->PrefixSize=PrefixesRSize;
}
break;
case 0xAE:case 0xAF: // SCASB/SCASW/SCASD
{
if((Op&0x0F)==0x0E)
wsprintf(menemonic,"Byte ptr %s:[%s]",Segs[SEG_ES],Regs[ADDRM][7]);
else if((Op&0x0F)==0x0F)
wsprintf(menemonic,"%s ptr %s:[%s]",RSize,Segs[SEG_ES],Regs[ADDRM][7]);
lstrcat(Disasm->Assembly,"scas");
strcpy(Disasm->Remarks,menemonic);
wsprintf(menemonic,"%02X",Op);
lstrcat(Disasm->Opcode,menemonic);
Disasm->PrefixSize=PrefixesRSize;
}
break;
case 0xB0:case 0xB1: // MOV XX, XX
case 0xB2:case 0xB3: // MOV XX, XX
case 0xB4:case 0xB5: // MOV XX, XX
case 0xB6:case 0xB7: // MOV XX, XX
{
wsprintf(menemonic,"mov %s, %02X",Regs[REG8][Op&0xF],(BYTE)Opcode[i+1]);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X%02X",Op,(BYTE)*(Opcode+i+1));
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=2;
Disasm->PrefixSize=PrefixesSize;
++(*Index);
}
break;
case 0xB8:case 0xB9: // MOV XX/XXX, XXXXXXXX
case 0xBA:case 0xBB: // MOV XX/XXX, XXXXXXXX
case 0xBC:case 0xBD: // MOV XX/XXX, XXXXXXXX
case 0xBE:case 0xBF: // MOV XX/XXX, XXXXXXXX
{
if(!RegPrefix) // check if default prefix has changed
{
SwapDword((BYTE*)(Opcode+i+1),&dwOp,&dwMem);
wsprintf(menemonic,"mov %s, %08X",Regs[RM][(Op&0xF)-0x08],dwMem);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %08X",Op,dwOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=5;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=4;
}
else
{
SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);
wsprintf(menemonic,"mov %s, %04X",Regs[RM][(Op&0xF)-0x08],wMem);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %04X",Op,wOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=3;
Disasm->PrefixSize=PrefixesSize;
(*Index)+=2;
}
}
break;
case 0xC2:case 0xCA: // RET/F XXXX
{
char code[6];
switch(Op)
{
case 0xC2:wsprintf(code,"ret");break;
case 0xCA:wsprintf(code,"retf");break;
}
SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);
if(wMem>=0xA000)
wsprintf(menemonic,"%s %05X",code,wMem);
else
wsprintf(menemonic,"%s %04X",code,wMem);
lstrcat(Disasm->Assembly,menemonic);
wsprintf(menemonic,"%02X %04X",Op,wOp);
lstrcat(Disasm->Opcode,menemonic);
Disasm->OpcodeSize=3;
Disasm->PrefixSize=PrefixesSize;
if(LockPrefix==1)
lstrcat(Disasm->Remarks,"<Illegal Lock Prefix>");
(*Index)+=2;
}
break;
case 0xC3: // RET
{
lstrcat(Disasm->Assembly,"ret");
lstrcat(Disasm->Opcode,"C3");
Disasm->PrefixSize=PrefixesSize;
lstrcat(Disasm->Remarks,"Pop IP");
}
break;
case 0xC8: // ENTER XXXX, XX
{
SwapWord((BYTE*)(Opcode+i+1),&wOp,&wMem);