------------------------------------------------------
Hacker Disassembler Engine version 0.06
------------------------------------------------------
====< Description >================================================================
Hacker Disassembler Engine, or HDE, is a small disassembler engine, which intend to
code analyse. HDE get length of command, prefixes, ModR/M and SIB bytes, opcode,
immediates, displacements, relative addresses, etc. For example, you can use HDE
when writing unpackers or decryptors executable files, because more other
disassemblers too big, get only disasm listing and aren't intended for code
analysis, but more simple length disassemblers usually get too little info. HDE get
enough info to analyse, but it has very small size. HDE package include DLL,
object files in difference formats, header files and and assembler source.
+ support MMX, SSE, SSE2, SSE3, 3DNow! instructions
+ high-speed & small size (~1 kb)
+ compatibility with most coding language
====< Usage >======================================================================
To disassemble should call "hde_disasm" function:
unsigned long hde_disasm(
const void *pCode // pointer to code
HDE_STRUCT *pHDE_STRUCT // pointer to structure HDE_STRUCT
);
This function return length of command and fill structure HDE_STRUCT:
typedef struct {
unsigned char len; // length of command
unsigned char p_rep; // rep, rep(n)z prefix: 0xF2 or 0xF3
unsigned char p_lock; // lock prefix 0xF0
unsigned char p_seg; // segment prefix: 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65
unsigned char p_66; // prefix 0x66
unsigned char p_67; // prefix 0x67
unsigned char opcode; // opcode
unsigned char opcode2; // second opcode (if first opcode equal 0x0F)
unsigned char modrm; // ModR/M byte
unsigned char modrm_mod; // - mod byte of ModR/M
unsigned char modrm_reg; // - reg byte of ModR/M
unsigned char modrm_rm; // - r/m byte of ModR/M
unsigned char sib; // SIB byte
unsigned char sib_scale; // - scale byte of SIB
unsigned char sib_index; // - index byte of SIB
unsigned char sib_base; // - base byte of SIB
unsigned char imm8; // immediate imm8
unsigned short imm16; // immediate imm16
unsigned long imm32; // immediate imm32
unsigned char disp8; // displacement disp8
unsigned short disp16; // displacement disp16 (if prefix 0x67 exist)
unsigned long disp32; // displacement disp32
unsigned char rel8; // relative address rel8
unsigned short rel16; // relative address rel16 (if prefix 0x66 exist)
unsigned long rel32; // relative address rel32
} HDE_STRUCT;
Fields "opcode" and "len" always exist, other are optional and depend of command.
If field's value equal zero, then it isn't existing.
Note: HDE work only with 32-bit commands of x86 processors !
====< Contacts >===================================================================
Author: Veacheslav Patkov
E-mail: patkov-mail@mail.ru
Web-site: http://patkov-site.narod.ru/eng.html
Please excuse my english... It's so bad
Improvements, suggestions and bugfixes are welcomed.
转至:UNPACKCN 感谢:SiMON
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
上传的附件: