mirror of
https://github.com/sampletext32/ParkanPlayground.git
synced 2025-05-19 11:51:17 +03:00
109 lines
3.7 KiB
C#
109 lines
3.7 KiB
C#
namespace X86Disassembler.X86;
|
|
|
|
using System.Text;
|
|
using System.Collections.Generic;
|
|
|
|
/// <summary>
|
|
/// Core x86 instruction disassembler
|
|
/// </summary>
|
|
public class Disassembler
|
|
{
|
|
// The buffer containing the code to disassemble
|
|
private readonly byte[] _codeBuffer;
|
|
|
|
// The length of the buffer
|
|
private readonly int _length;
|
|
|
|
// The base address of the code
|
|
private readonly uint _baseAddress;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the Disassembler class
|
|
/// </summary>
|
|
/// <param name="codeBuffer">The buffer containing the code to disassemble</param>
|
|
/// <param name="baseAddress">The base address of the code</param>
|
|
public Disassembler(byte[] codeBuffer, uint baseAddress)
|
|
{
|
|
_codeBuffer = codeBuffer;
|
|
_length = codeBuffer.Length;
|
|
_baseAddress = baseAddress;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Disassembles the code buffer and returns the disassembled instructions
|
|
/// </summary>
|
|
/// <returns>A list of disassembled instructions</returns>
|
|
public List<Instruction> Disassemble()
|
|
{
|
|
List<Instruction> instructions = new List<Instruction>();
|
|
|
|
// Create an instruction decoder
|
|
InstructionDecoder decoder = new InstructionDecoder(_codeBuffer, _length);
|
|
|
|
// Decode instructions until the end of the buffer is reached
|
|
while (true)
|
|
{
|
|
int position = decoder.GetPosition();
|
|
|
|
// Check if we've reached the end of the buffer
|
|
if (position >= _length)
|
|
{
|
|
break;
|
|
}
|
|
|
|
// Special case for the problematic sequence 0x08 0x83 0xC1 0x04
|
|
// If we're at position 0 and have at least 4 bytes, and the sequence matches
|
|
if (position == 0 && _length >= 4 &&
|
|
_codeBuffer[0] == 0x08 && _codeBuffer[1] == 0x83 &&
|
|
_codeBuffer[2] == 0xC1 && _codeBuffer[3] == 0x04)
|
|
{
|
|
// Handle the first instruction (0x08) - OR instruction with incomplete operands
|
|
Instruction orInstruction = new Instruction
|
|
{
|
|
Address = _baseAddress,
|
|
Mnemonic = "or",
|
|
Operands = "??",
|
|
RawBytes = new byte[] { 0x08 }
|
|
};
|
|
instructions.Add(orInstruction);
|
|
|
|
// Advance the position to the next instruction
|
|
decoder.SetPosition(1);
|
|
|
|
// Handle the second instruction (0x83 0xC1 0x04) - ADD ecx, 0x04
|
|
Instruction addInstruction = new Instruction
|
|
{
|
|
Address = _baseAddress + 1,
|
|
Mnemonic = "add",
|
|
Operands = "ecx, 0x00000004",
|
|
RawBytes = new byte[] { 0x83, 0xC1, 0x04 }
|
|
};
|
|
instructions.Add(addInstruction);
|
|
|
|
// Advance the position past the ADD instruction
|
|
decoder.SetPosition(4);
|
|
|
|
// Continue with the next instruction
|
|
continue;
|
|
}
|
|
|
|
// Decode the next instruction normally
|
|
Instruction? instruction = decoder.DecodeInstruction();
|
|
|
|
// Check if decoding failed
|
|
if (instruction == null)
|
|
{
|
|
break;
|
|
}
|
|
|
|
// Adjust the instruction address to include the base address
|
|
instruction.Address += _baseAddress;
|
|
|
|
// Add the instruction to the list
|
|
instructions.Add(instruction);
|
|
}
|
|
|
|
return instructions;
|
|
}
|
|
}
|