Download: X86 code translator + ASM + VB examples
Download: Self Debugged/Disassembled code technique!
Download: Remote Load/Realloc Module + Execute Remote Thread
Download: Execute Ring 0 on NT
Download: M$ PE & COFF specification (PDF)
Version: revision (0.02)
Last Update: 22.12.2003.

***WRITE YOUR OWN DISASSEMBLER WITH DISASM.DLL***

X86 code translator library: translates raw hex bytes into x86 code. disasm.dll is written by Vanja Fuckar (preliminary test!).
- supports Pentium 3 and Pentium 4 code
- extremely fast and very small library (~32 KB)

Export (STDCALL):

    DisAssemble proc Data:DWORD, BaseAddress:DWORD, Buffer:DWORD, DisAsmStruct:DWORD, DisasmOpt:DWORD

    Data         - raw code [IN]
    BaseAddress  - virtual address of the code [IN]
    Buffer       - code output buffer (128 bytes optimal) [IN/OUT]
    DisAsmStruct - pointer to a DisAsm structure [IN/OUT] that receives useful code information (instruction length, registers, etc.)
    DisasmOpt    - output string option: 0 = only instruction, 1 = include hex offsets, 2 = include address, -1 = only fill DisAsmStruct
    Return value - number of bytes written to the buffer string

Internal DisAsmStruct:

    RegKind struct
      REG_Kind      byte ?   ;1=8 bits \ 2=16 bits \ 3=32 bits \ 4=MMX \ 5=XMM \ 6=Float stack \ 7=Segment \ 8=Debug \ 9=Control \ 10=Test
      REG_Ptr_Kind  byte ?   ;1=Byte PTR \ 2=Word PTR \ 3=Dword PTR \ 4=Qword PTR \ 5=MMword ptr \ 6=Xmmword ptr \ 7=FWord PTR \ 8=Tbyte ptr
      REG_Type      byte ?   ;internals, not for public use!
      REG_BaseAsReg byte ?   ;Bit 1=Base used as Register, not as pointer!
    RegKind ends

    VALUE_ UNION
      _1 byte ?
      _2 word ?
      _4 dword ?
    VALUE_ ends

    Reg STRUCT
      SEG_TYPE          dword ?
      BASE              dword ?   ;pointer to Base string
      INDEX             dword ?   ;pointer to Index string
      SCALE             VALUE_ <> ;scale value
      DISPLACEMENTS     VALUE_ <> ;displacement value
      DISPLACEMENT_TYPE VALUE_ <> ;type of displacement: 2=Word \ 4=Dword \ 8=Signed byte \ 32=Signed dword
      REG_KIND          RegKind <>
      PTR_TYPE          dword ?   ;pointer to PTR string
    Reg ends

    Imm STRUCT
      VALUE_LO   VALUE_ <>
      VALUE_HI   VALUE_ <> ;used only with AbsJump
      VALUE_TYPE VALUE_ <> ;1=Byte \ 2=Word \ 4=Dword \ 8=ByteToWord \ 16=ByteToDword \ 32=AbsJump \ 64=ShortJump \ 128=LongJump
    Imm ends

    DisAsm STRUCT
      INSTRUCTION_PREFIX dword ?   ;pointer to prefix string
      INSTRUCTION        dword ?   ;pointer to instruction string
      REG1               Reg <>
      REG2               Reg <>
      REG_REG            VALUE_ <> ;bit 1=REG2 is the destination register, otherwise REG1 is the destination; bit 32=CL register is also used
      IMMEDIATE          Imm <>
      INSTRUCTION_LENGTH VALUE_ <>
    DisAsm ends

You can easily examine code through the DisAsm type [OUT]; make sure the buffer is large enough for the output!

Author: Vanja Fuckar, EMAIL: INGA@VIP.HR
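As an added example (not code from this page or from disasm.dll's author), the following C program mirrors the DisAsm structure family from the MASM definitions above and drives the documented DisAssemble export over a code buffer. The struct layout and field meanings come from the page (all fields are byte/word/dword sized, so Reg is 32 bytes and DisAsm is 92 bytes); the function-pointer typedef with C pointer types in place of the page's DWORDs, the bounded walker, the constants named DISASM_OPT_TEXT and X86_MAX_INSN, and the stub decoder used so the walker can be exercised offline are assumptions of this example. Two practitioner caveats are built in: the export takes no length argument, so each call sees a zero-padded scratch copy rather than the raw tail of the caller's buffer, and the loop never trusts a zero or over-long INSTRUCTION_LENGTH.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#  define DISASM_API __stdcall   /* page: "use STDCALL" */
#else
#  define DISASM_API             /* calling convention only matters on Win32 */
#endif

#pragma pack(push, 1)            /* MASM STRUCT layout from the page: no padding */
typedef union { uint8_t _1; uint16_t _2; uint32_t _4; } VALUE_;   /* VALUE_ UNION */
typedef struct {                 /* RegKind */
    uint8_t REG_Kind;            /* 1=8 bits, 2=16, 3=32, 4=MMX, 5=XMM ... 10=Test */
    uint8_t REG_Ptr_Kind;        /* 1=Byte PTR ... 8=Tbyte ptr */
    uint8_t REG_Type;            /* internal, not for public use */
    uint8_t REG_BaseAsReg;       /* bit 1: base used as register, not as pointer */
} RegKind;
typedef struct {                 /* Reg: one register/memory operand */
    uint32_t SEG_TYPE, BASE, INDEX;   /* BASE/INDEX: DLL-side 32-bit string pointers */
    VALUE_ SCALE, DISPLACEMENTS, DISPLACEMENT_TYPE; /* type: 2=Word 4=Dword 8=Sbyte 32=Sdword */
    RegKind REG_KIND;
    uint32_t PTR_TYPE;           /* DLL-side pointer to "... PTR" string */
} Reg;
typedef struct { VALUE_ VALUE_LO, VALUE_HI, VALUE_TYPE; } Imm;  /* TYPE: 1=Byte ... 128=LongJump */
typedef struct {                 /* DisAsm */
    uint32_t INSTRUCTION_PREFIX, INSTRUCTION;   /* DLL-side string pointers */
    Reg REG1, REG2;
    VALUE_ REG_REG;              /* bit 1: REG2 is destination; bit 32: CL also used */
    Imm IMMEDIATE;
    VALUE_ INSTRUCTION_LENGTH;
} DisAsm;
#pragma pack(pop)

/* Sizes implied by the page's definitions: Reg 32 bytes, DisAsm 92 bytes. */
int disasm_layout_ok(void)
{
    return sizeof(Reg) == 32 && sizeof(DisAsm) == 92 &&
           offsetof(DisAsm, INSTRUCTION_LENGTH) == 88;
}

/* DisAssemble(Data, BaseAddress, Buffer, DisAsmStruct, DisasmOpt) as documented; the
 * page types every argument as DWORD (the DLL needs a 32-bit process anyway), C
 * pointer types are used here (an assumption) so the call reads naturally. */
typedef uint32_t (DISASM_API *DisAssembleFn)(const void *Data, uint32_t BaseAddress,
        char *Buffer, DisAsm *DisAsmStruct, int32_t DisasmOpt);

#define DISASM_OPT_TEXT 0        /* page: 0 = only the instruction text */
#define DISASM_BUF      128      /* page: 128 bytes optimal */
#define X86_MAX_INSN    15       /* architectural maximum x86 instruction length */

/* Decode code[0..len), calling emit() per instruction.  The export takes no length,
 * so each call sees a zero-padded scratch copy, and the loop stops on a zero or
 * out-of-range length instead of trusting the decoder.  Returns the instruction
 * count, or -1 on a bad length report. */
int disasm_walk(DisAssembleFn fn, const uint8_t *code, size_t len, uint32_t va,
                void (*emit)(uint32_t, const char *, void *), void *ctx)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        uint8_t scratch[X86_MAX_INSN + 1] = {0};
        size_t avail = len - off;
        memcpy(scratch, code + off, avail < sizeof scratch ? avail : sizeof scratch);
        DisAsm info;
        char text[DISASM_BUF];
        memset(&info, 0, sizeof info);   /* zeroed: reading ._4 is safe whichever width the DLL writes */
        text[0] = '\0';
        fn(scratch, va + (uint32_t)off, text, &info, DISASM_OPT_TEXT);
        uint32_t ilen = info.INSTRUCTION_LENGTH._4;
        if (ilen == 0 || ilen > X86_MAX_INSN || ilen > avail)
            return -1;               /* decoder error, or instruction runs past the buffer */
        if (emit) emit(va + (uint32_t)off, text, ctx);
        off += ilen;
        count++;
    }
    return count;
}

/* Constructed stand-in for the DLL so the walker runs offline: knows nop (90),
 * ret (C3) and call rel32 (E8 xx xx xx xx); anything else reports length 0. */
static uint32_t DISASM_API stub_disassemble(const void *Data, uint32_t BaseAddress,
        char *Buffer, DisAsm *out, int32_t opt)
{
    const uint8_t *p = Data;
    (void)opt;
    switch (p[0]) {
    case 0x90: out->INSTRUCTION_LENGTH._1 = 1; return (uint32_t)snprintf(Buffer, DISASM_BUF, "nop");
    case 0xC3: out->INSTRUCTION_LENGTH._1 = 1; return (uint32_t)snprintf(Buffer, DISASM_BUF, "ret");
    case 0xE8: {
        int32_t rel; memcpy(&rel, p + 1, 4);
        out->INSTRUCTION_LENGTH._1 = 5;
        out->IMMEDIATE.VALUE_TYPE._1 = 128;                             /* LongJump */
        out->IMMEDIATE.VALUE_LO._4 = BaseAddress + 5 + (uint32_t)rel;  /* stub's choice: resolved target */
        return (uint32_t)snprintf(Buffer, DISASM_BUF, "call %08lX", (unsigned long)out->IMMEDIATE.VALUE_LO._4);
    }
    default: return 0;
    }
}

/* Constructed sample bytes: nop; call $+5; ret, at a made-up base address. */
static const uint8_t SAMPLE[] = {0x90, 0xE8, 0x00, 0x00, 0x00, 0x00, 0xC3};
static void print_line(uint32_t va, const char *text, void *ctx)
{ (void)ctx; printf("%08lX  %s\n", (unsigned long)va, text); }

int disasm_demo(void)            /* whole sample: 3 instructions */
{ return disasm_walk(stub_disassemble, SAMPLE, sizeof SAMPLE, 0x401000, print_line, NULL); }
int disasm_demo_truncated(void)  /* call cut off after 3 bytes: walker refuses, returns -1 */
{ return disasm_walk(stub_disassemble, SAMPLE, 3, 0x401000, NULL, NULL); }

int main(void) { return (disasm_layout_ok() && disasm_demo() == 3) ? 0 : 1; }
```

On Windows, `stub_disassemble` would be replaced by the real export obtained with `GetProcAddress` on the loaded disasm.dll, cast to `DisAssembleFn`; the walker itself does not change. The 92-byte DisAsm size is the value to check first when binding from another language (the VB examples shipped with the library, for instance), since a mis-sized structure lets the DLL write past the caller's allocation.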