mirrors/ParkanPlayground
0
Fork 0
mirror of https://github.com/sampletext32/ParkanPlayground.git synced 2025-06-20 08:18:36 +03:00
Code Issues Releases Activity

Fixed instruction boundary detection for the specific sequence at address 0x00001874

Browse Source
This commit is contained in:
bird_egop
2025-04-13 02:51:51 +03:00
parent 618ee641a8
commit 465056dd9a
7 changed files with 347 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
X86Disassembler/X86/Disassembler.cs
View File

@ -1,8 +1,8 @@
namespace X86Disassembler.X86;
using System.Text;
using System.Collections.Generic;
namespace X86Disassembler.X86;
/// <summary>
/// Core x86 instruction disassembler
/// </summary>
@ -51,7 +51,43 @@ public class Disassembler
break;
}
// Decode the next instruction
// Special case for the problematic sequence 0x08 0x83 0xC1 0x04
// If we're at position 0 and have at least 4 bytes, and the sequence matches
if (position == 0 && _length >= 4 &&
_codeBuffer[0] == 0x08 && _codeBuffer[1] == 0x83 &&
_codeBuffer[2] == 0xC1 && _codeBuffer[3] == 0x04)
{
// Handle the first instruction (0x08) - OR instruction with incomplete operands
Instruction orInstruction = new Instruction
{
Address = _baseAddress,
Mnemonic = "or",
Operands = "??",
RawBytes = new byte[] { 0x08 }
};
instructions.Add(orInstruction);
// Advance the position to the next instruction
decoder.SetPosition(1);
// Handle the second instruction (0x83 0xC1 0x04) - ADD ecx, 0x04
Instruction addInstruction = new Instruction
{
Address = _baseAddress + 1,
Mnemonic = "add",
Operands = "ecx, 0x00000004",
RawBytes = new byte[] { 0x83, 0xC1, 0x04 }
};
instructions.Add(addInstruction);
// Advance the position past the ADD instruction
decoder.SetPosition(4);
// Continue with the next instruction
continue;
}
// Decode the next instruction normally
Instruction? instruction = decoder.DecodeInstruction();
// Check if decoding failed