?? distorm.h
字號:
// diStorm64 1.1.2
// RageStorm 2005, Gil Dabah
// http://ragestorm.net/distorm/
// Support C++ compilers
#ifdef __cplusplus
extern "C" {
#endif
// diStorm64 Version
#define __DISTORMV__ 0x112
// Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64.
typedef enum {Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2} _DecodeType;
// Static size of strings. Do not change this value.
#define MAX_TEXT_SIZE (60)
typedef struct {
unsigned int length;
unsigned char p[MAX_TEXT_SIZE]; // p is a null terminated string.
} _WString;
// This structure holds all information the disassembler generates per instruction.
typedef struct {
_WString mnemonic; // Mnemonic of decoded instruction, prefixed if required by REP, LOCK etc.
_WString operands; // Operands of the decoded instruction, up to 3 operands, comma-seperated.
_WString instructionHex; // Hex dump - little endian, including prefixes.
unsigned int size; // Size of decoded instruction.
unsigned long offset; // Start offset of the decoded instruction.
} _DecodedInst;
// Return code of the decoding function.
typedef enum {DECRES_NONE, DECRES_SUCCESS, DECRES_MEMORYERR, DECRES_INPUTERR} _DecodeResult;
// distorm_decode //////////////////
// Input:
// offset - Origin of the given code (virtual address that is), NOT an offset in code.
// code - Pointer to the code buffer to be disassembled.
// length - Amount of bytes that should be decoded from the code buffer.
// dt - Decoding mode, 16 bits (Decode16Bits), 32 bits (Decode32Bits) or AMD64 (Decode64Bits).
// result - Array of type _DecodeInst which will be used by this function in order to return the disassembled instructions.
// maxInstructions - The maximum number of entries in the result array that you pass to this function, so it won't exceed its bound.
// usedInstructionsCount - Number of the instruction that successfully were disassembled and written to the result array.
// Output: usedInstructionsCount will hold the number of entries used in the result array
// and the result array itself will be filled with the disassembled instructions.
// Return: DECRES_SUCCESS on success (no more to disassemble), DECRES_INPUTERR on input error (null code buffer, invalid decoding mode, etc...),
// DECRES_MEMORYERR when there are not enough entries to use in the result array, BUT YOU STILL have to check for usedInstructionsCount!
// Side-Effects: Even if the return code is DECRES_MEMORYERR, there might STILL be data in the
// array you passed, this function will try to use as much entries as possible!
// Notes: 1)The minimal size of maxInstructions is 15.
// 2)You will have to synchronize the offset,code and length by yourself if you pass code fragments and not a complete code block!
///////////////////////////////////
_DecodeResult distorm_decode(unsigned long codeOffset, const unsigned char* code, long codeLen, _DecodeType dt, _DecodedInst result[], unsigned long maxInstructions, unsigned long* usedInstructionsCount);
#ifdef __cplusplus
}// End Of Extern
#endif
?? 快捷鍵說明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -