// un_asm.h : declarations of the unassembly (disassembly) utilities
//
// Author: Gongbing
//
// Date: 2020-03-19
#pragma once
#ifndef _INCLUDED_REF_
#define _INCLUDED_REF_
#include "../ref/ref.h"
#endif
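namespace ia_asm
{
    // Unassembly (disassembly) and single-instruction assembly utilities.

    // Intel architecture selector passed to the routines below.
    enum ia_arch
    {
        IA_ARCHITECTURE_32 = 1,
        IA_ARCHITECTURE_64,
    };

    // Bit masks for INSTRUCTION::reg_chg_bmp ("changed register bit-map").
    // Bits 0-7: general-purpose registers; the 32-bit name is an alias of the
    // 64-bit name and shares its bit.
    const UINT64 REGISTER_BMP_RAX = (UINT64)1 << 0;
    const UINT64 REGISTER_BMP_EAX = REGISTER_BMP_RAX;
    const UINT64 REGISTER_BMP_RCX = (UINT64)1 << 1;
    const UINT64 REGISTER_BMP_ECX = REGISTER_BMP_RCX;
    const UINT64 REGISTER_BMP_RDX = (UINT64)1 << 2;
    const UINT64 REGISTER_BMP_EDX = REGISTER_BMP_RDX;
    const UINT64 REGISTER_BMP_RBX = (UINT64)1 << 3;
    const UINT64 REGISTER_BMP_EBX = REGISTER_BMP_RBX;
    const UINT64 REGISTER_BMP_RSP = (UINT64)1 << 4;
    const UINT64 REGISTER_BMP_ESP = REGISTER_BMP_RSP;
    const UINT64 REGISTER_BMP_RBP = (UINT64)1 << 5;
    const UINT64 REGISTER_BMP_EBP = REGISTER_BMP_RBP;
    const UINT64 REGISTER_BMP_RSI = (UINT64)1 << 6;
    const UINT64 REGISTER_BMP_ESI = REGISTER_BMP_RSI;
    const UINT64 REGISTER_BMP_RDI = (UINT64)1 << 7;
    const UINT64 REGISTER_BMP_EDI = REGISTER_BMP_RDI;

    // Bits 8-15: R08..R15.
    const UINT64 REGISTER_BMP_R08 = (UINT64)1 << 8;
    const UINT64 REGISTER_BMP_R09 = (UINT64)1 << 9;
    const UINT64 REGISTER_BMP_R10 = (UINT64)1 << 10;
    const UINT64 REGISTER_BMP_R11 = (UINT64)1 << 11;
    const UINT64 REGISTER_BMP_R12 = (UINT64)1 << 12;
    const UINT64 REGISTER_BMP_R13 = (UINT64)1 << 13;
    const UINT64 REGISTER_BMP_R14 = (UINT64)1 << 14;
    const UINT64 REGISTER_BMP_R15 = (UINT64)1 << 15;

    // Bits 16-23: MM0..MM7.
    const UINT64 REGISTER_BMP_MM0 = (UINT64)1 << 16;
    const UINT64 REGISTER_BMP_MM1 = (UINT64)1 << 17;
    const UINT64 REGISTER_BMP_MM2 = (UINT64)1 << 18;
    const UINT64 REGISTER_BMP_MM3 = (UINT64)1 << 19;
    const UINT64 REGISTER_BMP_MM4 = (UINT64)1 << 20;
    const UINT64 REGISTER_BMP_MM5 = (UINT64)1 << 21;
    const UINT64 REGISTER_BMP_MM6 = (UINT64)1 << 22;
    const UINT64 REGISTER_BMP_MM7 = (UINT64)1 << 23;

    // Bits 24-31: XMM0..XMM7. The (UINT64) cast comes before the shift, so
    // bit 31 and above are computed in 64 bits rather than in int.
    const UINT64 REGISTER_BMP_XMM0 = (UINT64)1 << 24;
    const UINT64 REGISTER_BMP_XMM1 = (UINT64)1 << 25;
    const UINT64 REGISTER_BMP_XMM2 = (UINT64)1 << 26;
    const UINT64 REGISTER_BMP_XMM3 = (UINT64)1 << 27;
    const UINT64 REGISTER_BMP_XMM4 = (UINT64)1 << 28;
    const UINT64 REGISTER_BMP_XMM5 = (UINT64)1 << 29;
    const UINT64 REGISTER_BMP_XMM6 = (UINT64)1 << 30;
    const UINT64 REGISTER_BMP_XMM7 = (UINT64)1 << 31;

    // Bit 32: the flags register.
    const UINT64 REGISTER_BMP_FLAG = (UINT64)1 << 32;

#pragma pack(push)
#pragma pack(1)
    // One decoded (or assembled) instruction.
    //
    // The struct is packed to 1-byte alignment. Its size still depends on the
    // width of 'unsigned long' (4 bytes on LLP64 Windows, 8 on LP64), so the
    // layout is not a portable on-disk or on-wire format.
    //
    // clear() and copy() operate on the raw bytes of the object; that is only
    // valid while the struct holds plain data (no virtual functions, no members
    // with their own constructors or destructors).
    typedef struct _instruction_data
    {
        unsigned long long  address;        // instruction address
        unsigned long       bytes;          // all bytes of this instruction (presumably its length in bytes; compile() advances the address by it)
        unsigned long       cycle;          // cpu cycle
        UINT64              reg_chg_bmp;    // changed register bit-map mask, built from REGISTER_BMP_*
        struct _rel_addr
        {
            union
            {
                unsigned char   rel_byte;       // both bit-fields viewed as one byte
                struct
                {
                    unsigned char   offset : 5; // offset of the relative address from codes[0], ZERO means none
                    unsigned char   size : 3;   // bytes of the relative address, ZERO means none
                };
            };
        }rel_addr[4];                       // relative addresses in this instruction, up to 4
        // NOTE(review): 'offset' can hold 0..31 while codes[] has 20 bytes, so
        // consumers should check offset + size against 'bytes' and sizeof(codes)
        // before indexing codes[] with these fields.
        struct
        {
            unsigned char   bytes[4];       // bytes for val, ZERO means no imm val, often 1, 2, 4 or 8
            UINT64          val[4];         // imm value
        }imm;
        char                codes[20];      // instruction code bytes
        char                assembly[84];   // instruction text; NOTE(review): termination is not visible here, so bound reads to sizeof(assembly)

        // Construct an all-zero instruction.
        // Spelled without the 'struct' keyword: 'struct _instruction_data()' is
        // not a standard C++ constructor declaration and is rejected by
        // conforming compilers.
        _instruction_data()
        {
            clear();
        }

        // Reset every field, including codes[] and assembly[], to zero bytes.
        void clear(void)
        {
            memset(this, 0, sizeof(struct _instruction_data));
        }

        // Overwrite this instruction with a byte-for-byte copy of *r.
        // A null 'r' or a self-copy leaves the object unchanged: memcpy() has
        // undefined behaviour for a null source and for overlapping regions.
        void copy(struct _instruction_data* r)
        {
            if (!r || r == this)
            {
                return;
            }
            memcpy(this, r, sizeof(struct _instruction_data));
        }
    }INSTRUCTION, *LPINSTRUCTION;
#pragma pack(pop)

    // function: to un-assemble (decode) the instruction at 'codes'
    //
    // return: error codes, ZERO is success
    //
    // NOTE(review): there is no length parameter, so from this declaration the
    // callee cannot bound its reads of 'codes'. Callers decoding untrusted or
    // truncated input should pass a buffer with enough readable bytes for one
    // whole instruction (x86 instructions are at most 15 bytes; codes[] in
    // INSTRUCTION is 20), e.g. by copying the tail of the input into a
    // zero-padded local buffer first.
    PORT_API(int) unasm(const unsigned char* codes                  // code stream
                    , LPINSTRUCTION lpasm                           // to receive the decoded instruction and its assembly text
                    , unsigned long long address = 0                // instruction address, the address of 'codes' is used if this is ZERO
                    , ia_arch ia32 = IA_ARCHITECTURE_32);           // intel architecture

    // function: to convert a near instruction to a far instruction
    //
    // return: ZERO - have far instruction; 1 - no far instruction
    //
    // NOTE(review): 'const LPINSTRUCTION' makes the pointer itself const, not
    // the INSTRUCTION it points to, so this declaration does not promise that
    // the near instruction is left unmodified.
    // NOTE(review): 'near' and 'far' are defined as empty macros by the Windows
    // headers (minwindef.h); where those are included the parameter names here
    // expand to nothing, which is harmless in a declaration only.
    PORT_API(int) far_instruction(const LPINSTRUCTION near
                    , LPINSTRUCTION far                             // to receive the far instruction
                    , unsigned long long far_instruction_addr = 0   // the address of the far instruction, near's address is used if this is ZERO
                    , ia_arch ia32 = IA_ARCHITECTURE_32);           // intel architecture

    // function: compile (assemble) a single instruction
    //
    // return: error codes, ZERO is success
    PORT_API(int) compile(const char* assembly                      // assembly text such as 'mov eax, ebp'
                    , unsigned long long *address                   // [in] - address of this assembly, [out] - address of the next statement, commonly [in] plus lpasm->bytes
                    , LPINSTRUCTION lpasm                           // instruction array to receive the result
                    , inter_module_data::set_data label             // label callback. see DATA_FLAG_UNASM_SET_LABEL && DATA_FLAG_UNASM_GET_LABEL
                    , ia_arch ia32 = IA_ARCHITECTURE_32);           // assembly architecture

    // function: compile (assemble) 'assembly' into a caller-supplied byte buffer
    //
    // 'code' must be at least 40 bytes long. The output layout given by the
    // author is "[bytes]codes[bytes]codes[0]" - presumably length-prefixed
    // encodings ended by a zero length byte; confirm against the implementation.
    //
    // NOTE(review): the buffer size is a convention, not a parameter, so the
    // callee cannot check it. Callers should allocate a fixed buffer of at
    // least 40 bytes and never pass a pointer into a smaller object.
    PORT_API(int) compile_one(const char* assembly
                    , unsigned char *code                           // minimum length of 40 bytes
                    , unsigned long long address = 0);
}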