?? dsasm_functions.cpp
字號:
case 0xFF: {
Bit_d=0; Bit_w=0;
if(REG==3 || REG==5) // FAR JMP/CALL
strcpy(RSize,regSize[4]); // FWORD
else
strcpy(RSize,regSize[1]);
}
break; // DWORD
}
// check for bit register size : 16bit/32bit
if(Bit_w==1)
{
RM=REG32; // 32bit registers set
//if(/*!bound/&& Op==0x62*/)// Special Case
strcpy(RSize,regSize[1]); // dword ptr
}
// check for prefix 0x66 OverRide (change default size)
if(PrefixReg==1)
{
if(!UsesFPU) // FPU DataSize doesn't Change, others are, on prefix 0x66.
{
if(lstrcmp(RSize,"Byte")!=0) // doesn't affect byte mode
{
RM=REG16; // 16bit registers
strcpy(RSize,regSize[2]); // word ptr
if(Op==0x62 || Op==0xC4 || Op==0xC5) // Special Case, 66 Prefix doesn't affect Memory Size.
strcpy(RSize,regSize[1]);
}
}
}
// SCALE INDEX BASE :
SIB=(BYTE)(*(*Opcode+pos+1))&0x07; // Get SIB extension
/*
Exmaple:
--------
format of sib is:
ss iii bbb.
where ss is 2 upper bits for scale
and they represent power (exponent) of 2 for
scale index multipyer.
iii is 3 middle bits for index.
bbb is 3 low bits for base.
*SIB == 4
*NO SIB != 4
0x04 -> 00 000 [100] <- SIB
0x0C -> 00 001 [100] <- SIB
0x64 -> 01 100 [100] <- SIB
0x60 -> 01 100 [000] <- NO SIB
0xB5 -> 10 110 [101] <- NO SIB
0x76 -> 01 110 [110] <- NO SIB
Extract SS II BB information (3rd byte)
=======================================
0x81,0xAC,0x20
0x20 = 00 100 000
Scale: 00 = *1 (not shown)
100 - ESP = not Shown, Cannot be an Index register
000 - EAX = shown
if MOD 10/01 is being used, get displacement data after
the SIB.
*/
// ===================================================//
// AddrPrefix is being used! //
// ===================================================//
if(PrefixAddr==1) // Prefix 0x67 is set, Change Segments/Addressing Modes to 16 bits
{
FOpcode=((BYTE)(*(*Opcode+pos+1))&0x0F); // Get addressing Mode (8 types of mode)
reg1=((BYTE)(*(*Opcode+pos+1))&0x38)>>3;
// Check if we decode POP instruction, which had few valid instruction.
if(Op==0x8F && reg1!=0)
lstrcat((*Disasm)->Remarks,"Invalid Instruction");
// Choose Mode + Segment
switch(FOpcode)
{
case 0x00: case 0x08: wsprintf(Addr,"%s",addr16[0]); /*SEG=SEG_DS;*/ break; // Mode 0:[BX+SI]
case 0x01: case 0x09: wsprintf(Addr,"%s",addr16[1]); /*SEG=SEG_DS;*/ break; // Mode 1:[BX+DI]
case 0x02: case 0x0A: wsprintf(Addr,"%s",addr16[2]); SEG=SEG_SS; break; // Mode 2:[BP+SI]
case 0x03: case 0x0B: wsprintf(Addr,"%s",addr16[3]); SEG=SEG_SS; break; // Mode 3:[BP+DI]
case 0x04: case 0x0C: wsprintf(Addr,"%s",addr16[4]); /*SEG=SEG_DS;*/ break; // Mode 4:[SI]
case 0x05: case 0x0D: wsprintf(Addr,"%s",addr16[5]); /*SEG=SEG_DS;*/ break; // Mode 5:[DI]
case 0x06: case 0x0E: // Mode 6: [BP+XX/XXXX] | [XX]
{
if(Extension==0) // 0x00-0x3F only! has special [XXXX]
{
/*SEG=SEG_DS;*/
SwapWord((BYTE*)(*Opcode+pos+2),&wOp,&wMem);
wsprintf(Addr,"%04X",wMem);
(*(*index))+=2; // read 2 bytes
}
else{ // 0x50-0xBF has [BP+]
SEG=SEG_SS; // SS Segment
wsprintf(Addr,"%s",addr16[7]);
}
}
break;
case 0x07: case 0x0F: wsprintf(Addr,"%s",addr16[6]); /*SEG=SEG_DS;*/ break; // Mode 7: [BX]
}
// Choose used extension
// And Decode properly the menemonic
switch(Extension)
{
case 0: // No extension of bytes to RegMem (except mode 6)
{
wsprintf(tempMeme,"%s ptr %s:[%s]",RSize,segs[SEG],Addr);
SwapDword((BYTE*)(*Opcode+pos),&dwOp,&dwMem);
SwapWord((BYTE*)(*Opcode+pos),&wOp,&wMem);
if(((wOp&0x00FF)&0x0F)==0x06) // 0x00-0x3F with mode 6 only!
{
wsprintf(menemonic,"%08X",dwOp);
(*Disasm)->OpcodeSize=4;
lstrcat((*Disasm)->Opcode,menemonic);
}
else{ // other modes
wsprintf(menemonic,"%04X",wOp);
(*Disasm)->OpcodeSize=2;
lstrcat((*Disasm)->Opcode,menemonic);
}
}
break;
case 1: // 1 Byte Extension to regMem
{
SwapWord((BYTE*)(*Opcode+pos+1),&wOp,&wMem);
FOpcode=wOp&0x00FF;
if(FOpcode>0x7F) // check for signed numbers
{
wsprintf(Aritmathic,"%s",Scale[0]); // '-' Signed Numbers
FOpcode = 0x100-FOpcode; // -XX
}
wsprintf(menemonic,"%02X%04X",Op,wOp);
lstrcat((*Disasm)->Opcode,menemonic);
wsprintf(tempMeme,"%s ptr %s:[%s%s%02X]",RSize,segs[SEG],Addr,Aritmathic,FOpcode);
++(*(*index)); // 1 byte read
(*Disasm)->OpcodeSize=3;
}
break;
case 2: // 2 Bytes Extension to RegMem
{
SwapDword((BYTE*)(*Opcode+pos),&dwOp,&dwMem);
SwapWord((BYTE*)(*Opcode+pos+2),&wOp,&wMem);
wsprintf(menemonic,"%08X",dwOp);
(*Disasm)->OpcodeSize=4;
lstrcat((*Disasm)->Opcode,menemonic);
wsprintf(tempMeme,"%s ptr %s:[%s%s%04X]",RSize,segs[SEG],Addr,Aritmathic,wMem);
(*(*index))+=2; // we read 2 bytes
}
break;
}
// Switch Direction Mode.
// And Build Menemonic from that direction
switch(Bit_d)
{
case 0: // (->)
{
// Check for More Menemonics Addons
switch(Op)// Check for all Cases
{
case 0x6B:
{
// We check Extension because there is a diff
// Reading position of bytes depend on the extension
// 1 = read byte, 3rd position
// 2 = read dword, 6th position
if(Extension==1) // read 1 byte at 3rd position
{
SwapWord((BYTE*)(*Opcode+pos+2),&wOp,&wMem);
FOpcode=wOp&0x00FF;
wsprintf(temp,"%02X",FOpcode);
lstrcat((*Disasm)->Opcode,temp);
}
else{
if(Extension==2) //read byte at 7th position (dword read before)
{
SwapWord((BYTE*)(*Opcode+pos+3),&wOp,&wMem);
FOpcode=wOp&0x00FF;
wsprintf(temp,"%02X",FOpcode);
lstrcat((*Disasm)->Opcode,temp);
}
else
{ // Extension==0
SwapWord((BYTE*)(*Opcode+pos+1),&wOp,&wMem);
FOpcode=wOp&0x00FF;
wsprintf(temp,"%02X",FOpcode);
lstrcat((*Disasm)->Opcode,temp);
}
}
if(FOpcode>0x7F) // check for signed numbers!!
{
FOpcode = 0x100-FOpcode; // -XX (Signed)
wsprintf(Aritmathic,"%s",Scale[0]); // '-' aritmathic (Signed)
}
else
strcpy(Aritmathic,"");
strcpy(instruction,"imul");
wsprintf(temp,"%s %s,%s,%s%02X",instruction,regs[RM][reg2],tempMeme,Aritmathic,FOpcode);
(*(*index))++;
(*Disasm)->OpcodeSize++;
}
break;
case 0x81: case 0xC7: case 0x69:
{
// Get Extensions!
//================
if(Extension==0)
{
if(PrefixReg==0)
{
SwapDword((BYTE*)(*Opcode+pos+2),&dwOp,&dwMem);
wsprintf(temp," %08X",dwOp);
lstrcat((*Disasm)->Opcode,temp);
wsprintf(temp,"%08X",dwMem);
}
else
{
SwapWord((BYTE*)(*Opcode+pos+2),&wOp,&wMem);
wsprintf(temp," %04X",wOp);
lstrcat((*Disasm)->Opcode,temp);
wsprintf(temp,"%04X",wMem);
}
}
else if(Extension==1)
{
if(PrefixReg==0)
{
SwapDword((BYTE*)(*Opcode+pos+3),&dwOp,&dwMem);
wsprintf(temp," %08X",dwOp);
lstrcat((*Disasm)->Opcode,temp);
wsprintf(temp,"%08X",dwMem);
}
else
{
SwapWord((BYTE*)(*Opcode+pos+3),&wOp,&wMem);
wsprintf(temp," %04X",wOp);
lstrcat((*Disasm)->Opcode,temp);
wsprintf(temp,"%04X",wMem);
}
}
else if(Extension==2)
{
if(PrefixReg==0)
{
SwapDword((BYTE*)(*Opcode+pos+4),&dwOp,&dwMem);
wsprintf(temp," %08X",dwOp);
lstrcat((*Disasm)->Opcode,temp);
wsprintf(temp,"%08X",dwMem);
}
else
{
SwapWord((BYTE*)(*Opcode+pos+4),&wOp,&wMem);
wsprintf(temp," %04X",wOp);
lstrcat((*Disasm)->Opcode,temp);
wsprintf(temp,"%04X",wMem);
}
}
if(Op==0xC7)
{
/*
Instruction rule: Mem,Imm -> 1100011woo000mmm,imm
Code Block: 1100011
w = Reg Size
oo - Mod
000 - Must be!
mmm - Reg/Mem
imm - Immidiant (麼弳)
*/
if(reg1!=0)
lstrcat((*Disasm)->Remarks,"Invalid Instruction");
wsprintf(instruction,"%s","mov");
}
else
{
if (Op==0x69) // IMUL REG,MEM,IIM32
{
wsprintf(instruction,"imul %s,",regs[RM][reg1]);
}
else
wsprintf(instruction,"%s",Instructions[REG]);
}
wsprintf(menemonic,"%s %s,%s",instruction,tempMeme,temp);
strcpy(temp,menemonic);
(*(*index))+=4;
(*Disasm)->OpcodeSize+=4;
}
break;
case 0x80:case 0x82: case 0x83: case 0xC6:
{
// We check Extension because there is a diff
// Reading position of bytes depend on the extension
// 1 = read byte, 3rd position
// 2 = read dword, 6th position
if(Extension==1) // read 1 byte at 3rd position
{
SwapWord((BYTE*)(*Opcode+pos+2),&wOp,&wMem);
FOpcode=wOp&0x00FF;
wsprintf(temp,"%02X",FOpcode);
lstrcat((*Disasm)->Opcode,temp);
}
else{
if(Extension==2) //read byte at 7th position (dword read before)
{
SwapWord((BYTE*)(*Opcode+pos+4),&wOp,&wMem);
FOpcode=wOp&0x00FF;
wsprintf(temp,"%02X",FOpcode);
lstrcat((*Disasm)->Opcode,temp);
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -