disasm.cpp
来自「Decompilation Dos Program is a technique」· C++ 代码 · 共 1,009 行 · 第 1/3 页
CPP
1,009 行
CurInst.SwapOperands();
break;
// Pop Reg.
case 0x58 : case 0x59 :
case 0x5a : case 0x5b :
case 0x5c : case 0x5d :
case 0x5e : case 0x5f :
Reg = Opcode & 7; Len = 1;
CurInst.Instr = POP;
CurInst.Operand1 = REG_DIRECT;
CurInst.Data11 = Register(1,Reg);
break;
// ArithOper Addr,Imm ( Includes add,sub,adc,sbb,and,or,xor,cmp )
case 0x80 : case 0x81 : case 0x82 : case 0x83 :
ArithOper = Reg; Len = 2;
CurInst.Instr = ArithOpers[ArithOper];
CurInst.operSize2 = W;
Operand2(Mod,RM,W,2);
if (W) W = 1-D;
CurInst.operSize1 = W;
CurInst.Operand1 = IMMEDIATE;
CurInst.Data11 = GetImmediate(Len);
CurInst.SwapOperands();
break;
// ArithOper AL,Imm.
case 0x04 : case 0x0c : case 0x14 : case 0x1c :
case 0x24 : case 0x2c : case 0x34 : case 0x3c :
Len = 2;
CurInst.Instr = ArithOpers[ArithOper];
CurInst.Operand1 = REG_DIRECT;
CurInst.Data11 = Register(0,0);
CurInst.Operand2 = IMMEDIATE;
CurInst.Data21 = (Word)GetImmediateByte(1);
break;
// ArithOper AX,Imm.
case 0x05 : case 0x0d : case 0x15 : case 0x1d :
case 0x25 : case 0x2d : case 0x35 : case 0x3d :
Len = 3;
CurInst.Instr = ArithOpers[ArithOper];
CurInst.Operand1 = REG_DIRECT;
CurInst.Data11 = Register(1,0);
CurInst.Operand2 = IMMEDIATE;
CurInst.Data21 = GetImmediateWord(1);
break;
// ArithOper Addr,Addr.
case 0x00 : case 0x01 : case 0x02 : case 0x03 :
case 0x08 : case 0x09 : case 0x0a : case 0x0b :
case 0x10 : case 0x11 : case 0x12 : case 0x13 :
case 0x18 : case 0x19 : case 0x1a : case 0x1b :
case 0x20 : case 0x21 : case 0x22 : case 0x23 :
case 0x28 : case 0x29 : case 0x2a : case 0x2b :
case 0x30 : case 0x31 : case 0x32 : case 0x33 :
case 0x38 : case 0x39 : case 0x3a : case 0x3b :
Len = 2;
CurInst.Instr = ArithOpers[ArithOper];
GetOperands();
break;
// Inc Reg16.
case 0x40 : case 0x41 : case 0x42 : case 0x43 :
case 0x44 : case 0x45 : case 0x46 : case 0x47 :
// Dec Reg16.
case 0x48 : case 0x49 : case 0x4a : case 0x4b :
case 0x4c : case 0x4d : case 0x4e : case 0x4f :
Reg = Opcode & 7; Len = 1;
CurInst.Instr = (Opcode & 8) ? DEC : INC;
CurInst.Operand1 = REG_DIRECT;
CurInst.Data11 = Register(1,Reg);
break;
// Inc Reg8. & Dec Reg8.
case 0xfe : Opcode = Ip[1];
Reg = Opcode & 7; Len = 2;
CurInst.Instr = (Opcode & 8) ? DEC : INC;
CurInst.Operand1 = REG_DIRECT;
CurInst.Data11 = Register(0,Reg);
break;
// Lea Reg, mem.
case 0x8d : Len = 2;
CurInst.Instr = LEA;
CurInst.Operand1 = REG_DIRECT;
CurInst.Data11 = Register(W,Reg);
Operand2(Mod,RM,W,2);
break;
case 0x98 : CurInst.Instr = CBW; break;
case 0x99 : CurInst.Instr = CWD; break;
// Call Imm.
case 0xe8 : Len = 3;
CurInst.Instr = CALL;
CurInst.operSize1=0;
CurInst.Operand1=IMMEDIATE;
CurInst.Data11 = (Word)(regIP + Len + (*(int far *)(Ip + 1)));
CurInst.Data12 = FP_SEG(Insts);
break;
// Call far Imm.
case 0x9a : Len = 5;
CurInst.Instr = CALL;
CurInst.operSize1=1;
CurInst.Operand1=IMMEDIATE;
CurInst.Data11 = GetImmediateWord(1);
CurInst.Data12 = GetImmediateWord(3);
break;
// SecArithOper Addr.
case 0xf6 : case 0xf7 :
ArithOper = Reg;
Reg = RM; Len = 2;
CurInst.Instr = SecArithOpers[ArithOper];
CurInst.operSize1 = W;
CurInst.operSize2 = W;
if (ArithOper == 0) // Test Addr,Imm.
{
Operand2(Mod,RM,W,2);
CurInst.Operand1 = IMMEDIATE;
CurInst.Data11 = GetImmediate(2);
CurInst.SwapOperands();
}
else // Others.
{
Operand2(Mod,RM,W,2);
CurInst.SwapOperands();
}
break;
// (SHL,SHR,SAL,SAR) mem/reg,1. or mem/reg,cl.
case 0xd0 : case 0xd1 : case 0xd2 : case 0xd3 :
str = LogOperstr[Reg];
CurInst.Instr = LogOpers[Reg];
if (RM==6)
{
str += ByteorWordPtr[W]; Len = 4;
str += "["; str += ImmediateWord(2); str += "]";
CurInst.Operand1 = MEMORY;
CurInst.Data11 = GetImmediateWord(2);
}
else
{
str += Operand1(RM,W); Len = 2;
}
if (D)
{
CurInst.Operand2 = REG_DIRECT;
CurInst.Data21 = REG_CL;
}
else
{
CurInst.Operand2 = IMMEDIATE;
CurInst.Data21 = 1;
}
break;
// Test Addr,Addr.
case 0x84 : case 0x85 :
str = "TEST "; Len = 2;
if (D==0) str += Operand1(Reg,W) + "," + Operand2(Mod,RM,W,2);
else str += Operand2(Mod,RM,W,2) + "," + Operand1(Reg,W);
break;
// Test AL,Imm.
case 0xa8 : str = "TEST AL,"; str += ImmediateByte(1); Len = 2; break;
// Test AX,Imm.
case 0xa9 : str = "TEST AX,"; str += ImmediateWord(1); Len = 3; break;
// Jmp Imm.(2 byte displacement).
case 0xe9 : CurInst.Instr = JMP; Len = 3;
CurInst.operSize1=0;
CurInst.Operand1 = IMMEDIATE;
CurInst.Data11 = (Word)(regIP + Len + *(int far *)(Ip+1));
break;
// Jmp far Imm.
case 0xea : CurInst.Instr = JMP; Len = 5;
CurInst.operSize1=1;
CurInst.Operand1 = IMMEDIATE;
CurInst.Data11 = GetImmediateWord(1);
CurInst.Data21 = GetImmediateWord(3);
break;
// Jmp short Imm.(-128 to +127 displacement).
case 0xeb : CurInst.Instr = JMP;
CurInst.operSize1=0;
CurInst.Operand1 = IMMEDIATE;
Len=2; AddOnlyOffset(); break;
// Conditional jmps.
case 0x70 : CurInst.Instr = JO; Len = 2; AddOnlyOffset(); break;
case 0x71 : CurInst.Instr = JNO; Len = 2; AddOnlyOffset(); break;
case 0x72 : CurInst.Instr = JB; Len = 2; AddOnlyOffset(); break;
case 0x73 : CurInst.Instr = JAE; Len = 2; AddOnlyOffset(); break;
case 0x74 : CurInst.Instr = JZ; Len = 2; AddOnlyOffset(); break;
case 0x75 : CurInst.Instr = JNZ; Len = 2; AddOnlyOffset(); break;
case 0x76 : CurInst.Instr = JBE; Len = 2; AddOnlyOffset(); break;
case 0x77 : CurInst.Instr = JA; Len = 2; AddOnlyOffset(); break;
case 0x78 : CurInst.Instr = JS; Len = 2; AddOnlyOffset(); break;
case 0x79 : CurInst.Instr = JNS; Len = 2; AddOnlyOffset(); break;
case 0x7a : CurInst.Instr = JPE; Len = 2; AddOnlyOffset(); break;
case 0x7b : CurInst.Instr = JPO; Len = 2; AddOnlyOffset(); break;
case 0x7c : CurInst.Instr = JL; Len = 2; AddOnlyOffset(); break;
case 0x7d : CurInst.Instr = JGE; Len = 2; AddOnlyOffset(); break;
case 0x7e : CurInst.Instr = JLE; Len = 2; AddOnlyOffset(); break;
case 0x7f : CurInst.Instr = JG; Len = 2; AddOnlyOffset(); break;
// Loops.
case 0xe0 : CurInst.Instr = LOOPNZ; Len = 2; AddOnlyOffset(); break;
case 0xe1 : CurInst.Instr = LOOPZ; Len = 2; AddOnlyOffset(); break;
case 0xe2 : CurInst.Instr = LOOP; Len = 2; AddOnlyOffset(); break;
case 0xe3 : CurInst.Instr = JCXZ; Len = 2; AddOnlyOffset(); break;
// Segment Overrides.
case 0x26 : case 0x2e : case 0x36 : case 0x3e :
CurInst.Instr = SEGMENT;
CurInst.Data11 = REG_ES + ((Opcode>>3)&3);
Len = 1;
break;
case 0x27 : str = "DAA"; break;
case 0x2f : str = "DAS"; break;
case 0x37 : str = "AAA"; break;
case 0x3f : str = "AAS"; break;
case 0x90 : str = "NOP"; break;
case 0x91 : case 0x92 : case 0x93 : case 0x94 :
case 0x95 : case 0x96 : case 0x97 :
str = "XCHG ";
Reg = Opcode & 7;
str += Operand1(Reg,1) + ",AX";
break;
case 0x9b : str = "WAIT"; break;
case 0x9c : str = "PUSHF"; break;
case 0x9d : str = "POPF"; break;
case 0x9e : str = "SAHF"; break;
case 0x9f : str = "LAHF"; break;
case 0xa4 : str = "MOVSB"; break;
case 0xa5 : str = "MOVSW"; break;
case 0xa6 : str = "CMPSB"; break;
case 0xa7 : str = "CMPSW"; break;
case 0xaa : str = "STOSB"; break;
case 0xab : str = "STOSW"; break;
case 0xac : str = "LODSB"; break;
case 0xad : str = "LODSW"; break;
case 0xae : str = "SCASB"; break;
case 0xaf : str = "SCASW"; break;
case 0xcd : str = "INT "; str += ImmediateByte(1); Len = 2; break;
case 0xce : str = "INTO"; break;
case 0xcf : str = "IRET"; break;
case 0xd5 : str = "AAD"; break;
case 0xd7 : str = "XLAT"; break;
case 0xda : str = "AAM"; break;
case 0xf0 : str = "LOCK"; break;
case 0xf2 : str = "REPNZ"; break;
case 0xf3 : str = "REPZ"; break;
case 0xf4 : str = "HLT"; break;
case 0xf5 : str = "CMC"; break;
case 0xf8 : str = "CLC"; break;
case 0xf9 : str = "STC"; break;
case 0xfa : str = "CLI"; break;
case 0xfb : str = "STI"; break;
case 0xfc : str = "CLD"; break;
case 0xfd : str = "STD"; break;
// Xchg Addr,Addr.
case 0x86 :
case 0x87 : str = "XCHG "; Len = 2; str += GetOperands();
break;
// In.
case 0xec : str = "IN AL,DX"; break;
case 0xed : str = "IN AX,DX"; break;
case 0xe4 : case 0xe5 :
str = "IN "; str += Operand1(Reg,W); str += ",";
str += ImmediateByte(1); Len = 3;
break;
// Out.
case 0xee : str = "OUT DX,AL"; break;
case 0xef : str = "OUT DX,AX"; break;
case 0xe6 : case 0xe7 :
str = "OUT "; str += Operand1(Reg,W); str += ",";
str += ImmediateByte(1); Len = 3;
break;
// les Reg, mem.
case 0xc4 : W = 1; D = 1-D; Len = 2;
str = "LES "; str += GetOperands();
CurInst.Instr=LES;
break;
// lds Reg, mem.
case 0xc5 : W = 1; D = 1-D; Len = 2;
str = "LDS "; str += GetOperands();
break;
// Unknown.
default : str = "????";
}
Length = Len;
regIP += Len;
}
String Disasm::GetAsm(Byte far *Insts,int &Length)
{
regIP = (Insts - CodePtr);
Ip = Insts;
Opcode = Insts[0];
D = (Opcode >> 1) & 1;
W = Opcode & 1;
Mod = (Insts[1] >> 6) & 3;
Reg = (Insts[1] >> 3) & 7;
RM = Insts[1] & 7;
int ArithOper = (Opcode >> 3) & 7;
Len = 1;
SRegs = FALSE;
FirstOperand = FALSE;
SecondOperand = FALSE;
String str;
switch(Opcode)
{
// Mov AL,[mem].
case 0xa0 : str = "MOV AL,["; str += ImmediateWord(1) + "]";
Len = 3; break;
// Mov AX,[mem].
case 0xa1 : str = "MOV AX,["; str += ImmediateWord(1) + "]";
Len = 3; break;
// Mov [mem],AL.
case 0xa2 : str = "MOV ["; str += ImmediateWord(1) + "],AL";
Len = 3; break;
// Mov [mem],AX.
case 0xa3 : str = "MOV ["; str += ImmediateWord(1) + "],AX";
Len = 3; break;
// Mov Addr,Reg8. & Mov Addr,Reg16.
case 0x88 : case 0x89 :
// Mov Reg8,Addr. & Mov Reg16,Addr.
case 0x8a : case 0x8b :
str = "MOV "; Len = 2;
str += GetOperands();
break;
// Mov Addr,SReg.
case 0x8c : str = "MOV "; Len = 2;
if (RM==0) str += Operand1(RM,1);
else str += Operand2(Mod,RM,1,2);
str += ",";
str += Operand1(Reg,1,TRUE);
break;
// Mov Sreg,Addr.
case 0x8e : str = "MOV "; Len = 2;
str += Operand1(Reg,1,TRUE) + ",";
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?