// Copyright (C) 2004, Matt Conover (mconover@gmail.com)
#undef NDEBUG
#include <assert.h>
#include "disasm.h"
#include "cpu.h"
// Since addresses are internally represented as 64-bit, we need to specially handle
// cases where IP + Displacement wraps around for 16-bit/32-bit operand size
// Otherwise, ignorethe possibility of wraparounds
#define SUPPORT_WRAPAROUND
#ifdef NO_SANITY_CHECKS
#undef NDEBUG
#undef DEBUG_DISASM
#undef assert
#define assert(x)
#endif
#ifdef DEBUG_DISASM
#define DISASM_OUTPUT(x) printf x
#else
#define DISASM_OUTPUT(x)
#endif
#include "disasm_x86_tables.h"
#ifdef _WIN64
#pragma warning(disable:4311 4312)
#endif
////////////////////////////////////////////////////////////////////////
// Internal macros
////////////////////////////////////////////////////////////////////////
#define VIRTUAL_ADDRESS ((U64)Instruction->Address + Instruction->VirtualAddressDelta)
#define AMD64_DIFF (AMD64_8BIT_OFFSET-X86_8BIT_OFFSET)
#define IS_AMD64() (INS_ARCH_TYPE(Instruction) == ARCH_X64)
#define IS_X86_32() (INS_ARCH_TYPE(Instruction) == ARCH_X86)
#define IS_X86_16() (INS_ARCH_TYPE(Instruction) == ARCH_X86_16)
#define X86_BOUND 0x62
#define X86_PUSH_REG 0x50
#define X86_PUSH_CS 0x0e
#define X86_PUSH_DS 0x1e
#define X86_PUSH_SS 0x16
#define X86_PUSH_ES 0x06
#define X86_PUSH_FS 0xa0
#define X86_PUSH_GS 0xa8
#define X86_PUSH_U8 0x6a
#define X86_PUSH_U32 0x68
#define X86_POP_DS 0x1f
#define X86_POP_ES 0x07
#define X86_POP_SS 0x17
#define X86_POP_FS 0xa1
#define X86_POP_GS 0xa9
#define X86_POP_REG 0x58
#define OPCSTR Instruction->String+Instruction->StringIndex
#define APPEND Instruction->StringIndex += (U8)_snprintf
#define APPENDPAD(x) \
{ \
if (Instruction->StringAligned) \
{ \
if (Instruction->StringIndex > x) assert(0); \
while (x != Instruction->StringIndex) APPENDB(' '); \
} \
else if (Instruction->StringIndex) \
{ \
APPENDB(' '); \
} \
}
#define APPENDB(a) Instruction->String[Instruction->StringIndex++] = a
#define APPENDS(a) APPEND(OPCSTR, SIZE_LEFT, a);
#define SIZE_LEFT (MAX_OPCODE_DESCRIPTION-1 > Instruction->StringIndex ? MAX_OPCODE_DESCRIPTION-Instruction->StringIndex : 0)
// If an address size prefix is used for an instruction that doesn't make sense, restore it
// to the default
#define SANITY_CHECK_OPERAND_SIZE() \
{ \
if (!Instruction->AnomalyOccurred && X86Instruction->HasOperandSizePrefix) \
{ \
if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: Unexpected operand size prefix\n", VIRTUAL_ADDRESS); \
Instruction->AnomalyOccurred = TRUE; \
X86Instruction->HasOperandSizePrefix = FALSE; \
switch (X86Instruction->OperandSize) \
{ \
case 4: X86Instruction->OperandSize = 2; break; \
case 2: X86Instruction->OperandSize = 4; break; \
default: assert(0); \
} \
} \
}
#define SANITY_CHECK_ADDRESS_SIZE() \
{ \
if (!Instruction->AnomalyOccurred && X86Instruction->HasAddressSizePrefix) \
{ \
if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: Unexpected address size prefix\n", VIRTUAL_ADDRESS); \
Instruction->AnomalyOccurred = TRUE; \
} \
X86Instruction->HasAddressSizePrefix = FALSE; \
switch (INS_ARCH_TYPE(Instruction)) \
{ \
case ARCH_X64: X86Instruction->AddressSize = 8; break; \
case ARCH_X86: X86Instruction->AddressSize = 4; break; \
case ARCH_X86_16: X86Instruction->AddressSize = 2; break; \
} \
}
#define SANITY_CHECK_SEGMENT_OVERRIDE() \
if (!Instruction->AnomalyOccurred && X86Instruction->HasSegmentOverridePrefix) \
{ \
if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: Unexpected segment override\n", VIRTUAL_ADDRESS); \
Instruction->AnomalyOccurred = TRUE; \
}
#define INSTR_INC(size) \
{ \
Instruction->Length += size; \
Address += size; \
}
#define X86_SET_TARGET() \
{ \
if (X86Instruction->HasSelector) \
{ \
if (!Instruction->AnomalyOccurred) \
{ \
if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: unexpected segment 0x%02X\n", VIRTUAL_ADDRESS, X86Instruction->Selector); \
Instruction->AnomalyOccurred = TRUE; \
} \
} \
else \
{ \
switch (X86Instruction->Segment) \
{ \
case SEG_CS: \
case SEG_DS: \
case SEG_SS: \
case SEG_ES: \
assert(!X86Instruction->HasSelector); \
Operand->TargetAddress = (U64)X86Instruction->Displacement; \
/* assert(!GetAbsoluteAddressFromSegment((BYTE)X86Instruction->Segment, (DWORD)X86Instruction->Displacement) || GetAbsoluteAddressFromSegment(X86Instruction->Segment, (DWORD)X86Instruction->Displacement) == Operand->TargetAddress); */ \
break; \
case SEG_FS: \
case SEG_GS: \
assert(!X86Instruction->HasSelector); \
Operand->TargetAddress = (U64)GetAbsoluteAddressFromSegment((BYTE)X86Instruction->Segment, (DWORD)X86Instruction->Displacement); \
break; \
default: \
assert(0); /* shouldn't be possible */ \
break; \
} \
} \
}
#define X86_SET_SEG(reg) \
{ \
if (!X86Instruction->HasSegmentOverridePrefix && (reg == REG_EBP || reg == REG_ESP)) \
{ \
assert(!X86Instruction->HasSelector); \
X86Instruction->Segment = SEG_SS; \
} \
}
#define X86_SET_ADDR() \
{ \
if (Operand->Flags & OP_DST) \
{ \
assert(!X86Instruction->HasDstAddressing); \
X86Instruction->HasDstAddressing = TRUE; \
X86Instruction->DstOpIndex[X86Instruction->DstOpCount] = (U8)OperandIndex; \
X86Instruction->DstOpCount++; \
X86Instruction->DstAddressIndex = (U8)OperandIndex; \
} \
if (Operand->Flags & OP_SRC) \
{ \
if (Instruction->Type != ITYPE_STRCMP) assert(!X86Instruction->HasSrcAddressing); \
X86Instruction->HasSrcAddressing = TRUE; \
X86Instruction->SrcOpIndex[X86Instruction->SrcOpCount] = (U8)OperandIndex; \
X86Instruction->SrcOpCount++; \
X86Instruction->SrcAddressIndex = (U8)OperandIndex; \
} \
}
#define X86_SET_REG(reg) \
{ \
if (Operand->Flags & OP_DST) \
{ \
X86Instruction->DstOpIndex[X86Instruction->DstOpCount] = (U8)OperandIndex; \
X86Instruction->DstOpCount++; \
assert(OperandIndex < 2); \
if (Operand->Length > 1 && reg == REG_ESP) Instruction->Groups |= ITYPE_STACK; \
} \
if (Operand->Flags & OP_SRC) \
{ \
X86Instruction->SrcOpIndex[X86Instruction->SrcOpCount] = (U8)OperandIndex; \
X86Instruction->SrcOpCount++; \
} \
}
#define CHECK_AMD64_REG() { if (IS_AMD64()) Operand->Register += AMD64_DIFF; }
////////////////////////////////////////////////////////////////////////
// Internal structures/variables
////////////////////////////////////////////////////////////////////////
ARCHITECTURE_FORMAT_FUNCTIONS X86 =
{
X86_InitInstruction,
NULL,
X86_GetInstruction,
X86_FindFunctionByPrologue
};
char *X86_Registers[0xE0] =
{
// Segments
"es", // 0x00
"cs", // 0x01
"ss", // 0x02
"ds", // 0x03
"fs", // 0x04
"gs", // 0x05
"flags", // 0x06
"eflags", // 0x07
"rflags", // 0x08
"ip+ilen", // 0x09
"eip+ilen", // 0x0A
"rip+ilen", // 0x0B
NULL, // 0x0C
NULL, // 0x0D
NULL, // 0x0E
NULL, // 0x0F
// Test
"tr0", // 0x10
"tr1", // 0x11
"tr2", // 0x12
"tr3", // 0x13
"tr4", // 0x14
"tr5", // 0x15
"tr6", // 0x16
"tr7", // 0x17
"tr8", // 0x18
"tr9", // 0x19
"tr10", // 0x1A
"tr11", // 0x1B
"tr12", // 0x1C
"tr13", // 0x1D
"tr14", // 0x1E
"tr15", // 0x1F
// Control
"cr0", // 0x20
"cr1", // 0x21
"cr2", // 0x22
"cr3", // 0x23
"cr4", // 0x24
"cr5", // 0x25
"cr6", // 0x26
"cr7", // 0x27
"cr8", // 0x18
"cr9", // 0x19
"cr10", // 0x1A
"cr11", // 0x1B
"cr12", // 0x1C
"cr13", // 0x1D
"cr14", // 0x1E
"cr15", // 0x1F
// Debug
"dr0", // 0x30
"dr1", // 0x31
"dr2", // 0x32
"dr3", // 0x33
"dr4", // 0x34
"dr5", // 0x35
"dr6", // 0x36
"dr7", // 0x37
"dr8", // 0x38
"dr9", // 0x39
"dr10", // 0x3A
"dr11", // 0x3B
"dr12", // 0x3C
"dr13", // 0x3D
"dr14", // 0x3E
"dr15", // 0x3F
// FPU
"st(0)", // 0x40
"st(1
没有合适的资源?快使用搜索试试~ 我知道了~
mhook - 2.2
共17个文件
h:7个
c:4个
cpp:3个
5星 · 超过95%的资源 需积分: 18 9 下载量 7 浏览量
2011-06-15
23:15:02
上传
评论
收藏 73KB ZIP 举报
温馨提示
x86 x64 hook engine x86 x64 hook engine x86 x64 hook engine x86 x64 hook engine
资源推荐
资源详情
资源评论
收起资源包目录
mhook-2.2.zip (17个子文件)
COPYING 1KB
mhook-test.vcproj 9KB
stdafx.h 452B
mhook-lib
mhook.h 1KB
mhook.cpp 32KB
stdafx.cpp 297B
mhook-test.cpp 5KB
disasm-lib
cpu.h 7KB
cpu.c 2KB
disasm.c 4KB
disasm_x86.c 147KB
disasm_x86_tables.h 259KB
misc.h 1KB
disasm_x86.h 21KB
disasm.h 16KB
misc.c 5KB
mhook-test.sln 1KB
共 17 条
- 1
资源评论
- imfei2012-01-28很好的东西,Ms的Detour64位要9999$,这个是完全开源的,不过现在2.3版本也已经出来了!
hwl_voy
- 粉丝: 2
- 资源: 12
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功