fixed bad length disassembler code
parent
91292f2660
commit
4abe175c5e
@ -135,98 +135,42 @@ __declspec(dllexport) void* TITCALL Disassemble(LPVOID DisassmAddress)
|
||||||
}
|
}
|
||||||
__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress)
|
__declspec(dllexport) long TITCALL StaticLengthDisassemble(LPVOID DisassmAddress)
|
||||||
{
|
{
|
||||||
|
return LengthDisassembleEx(GetCurrentProcess(), DisassmAddress);
|
||||||
_DecodeResult DecodingResult;
|
|
||||||
_DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
|
|
||||||
unsigned int DecodedInstructionsCount = 0;
|
|
||||||
#if !defined(_WIN64)
|
|
||||||
_DecodeType DecodingType = Decode32Bits;
|
|
||||||
#else
|
|
||||||
_DecodeType DecodingType = Decode64Bits;
|
|
||||||
#endif
|
|
||||||
MEMORY_BASIC_INFORMATION MemInfo;
|
|
||||||
DWORD MaxDisassmSize;
|
|
||||||
|
|
||||||
VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
|
||||||
if(MemInfo.State == MEM_COMMIT)
|
|
||||||
{
|
|
||||||
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
|
|
||||||
{
|
|
||||||
MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
|
|
||||||
VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
|
||||||
if(MemInfo.State == MEM_COMMIT)
|
|
||||||
{
|
|
||||||
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
|
|
||||||
}
|
|
||||||
DecodingResult = distorm_decode(NULL, (const unsigned char*)DisassmAddress, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
|
|
||||||
return(DecodedInstructions[0].size);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress)
|
__declspec(dllexport) long TITCALL LengthDisassembleEx(HANDLE hProcess, LPVOID DisassmAddress)
|
||||||
{
|
{
|
||||||
|
|
||||||
_DecodeResult DecodingResult;
|
|
||||||
_DecodedInst DecodedInstructions[MAX_DECODE_INSTRUCTIONS];
|
|
||||||
unsigned int DecodedInstructionsCount = 0;
|
unsigned int DecodedInstructionsCount = 0;
|
||||||
#if !defined(_WIN64)
|
#if !defined(_WIN64)
|
||||||
_DecodeType DecodingType = Decode32Bits;
|
_DecodeType DecodingType = Decode32Bits;
|
||||||
#else
|
#else
|
||||||
_DecodeType DecodingType = Decode64Bits;
|
_DecodeType DecodingType = Decode64Bits;
|
||||||
#endif
|
#endif
|
||||||
ULONG_PTR ueNumberOfBytesRead = 0;
|
_CodeInfo decomposerCi = {0};
|
||||||
DynBuf ueReadBuf;
|
_DInst decomposerResult[2] = {0};
|
||||||
LPVOID ueReadBuffer = ueReadBuf.Allocate(0x1000);
|
BYTE readBuffer[20] = {0}; //The maximum length of an Intel 64 and IA-32 instruction remains 15 bytes, but we are generous
|
||||||
MEMORY_BASIC_INFORMATION MemInfo;
|
|
||||||
DWORD MaxDisassmSize;
|
|
||||||
|
|
||||||
if(hProcess != NULL)
|
if(hProcess != NULL)
|
||||||
{
|
{
|
||||||
VirtualQueryEx(GetCurrentProcess(), DisassmAddress, &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
if (MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, sizeof(readBuffer), 0))
|
||||||
if(MemInfo.State == MEM_COMMIT)
|
|
||||||
{
|
{
|
||||||
if((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress <= MAXIMUM_INSTRUCTION_SIZE)
|
decomposerCi.code = readBuffer;
|
||||||
|
decomposerCi.codeLen = sizeof(readBuffer);
|
||||||
|
decomposerCi.dt = DecodingType;
|
||||||
|
decomposerCi.codeOffset = (LONG_PTR)DisassmAddress;
|
||||||
|
|
||||||
|
if (distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR)
|
||||||
{
|
{
|
||||||
MaxDisassmSize = (DWORD)((ULONG_PTR)MemInfo.BaseAddress + (ULONG_PTR)MemInfo.RegionSize - (ULONG_PTR)DisassmAddress - 1);
|
if (decomposerResult[0].flags != FLAG_NOT_DECODABLE)
|
||||||
VirtualQueryEx(GetCurrentProcess(), (LPVOID)((ULONG_PTR)DisassmAddress + (ULONG_PTR)MemInfo.RegionSize), &MemInfo, sizeof MEMORY_BASIC_INFORMATION);
|
|
||||||
if(MemInfo.State == MEM_COMMIT)
|
|
||||||
{
|
{
|
||||||
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
|
return decomposerResult[0].size;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
MaxDisassmSize = MAXIMUM_INSTRUCTION_SIZE;
|
|
||||||
}
|
|
||||||
if(ReadProcessMemory(hProcess, (LPVOID)DisassmAddress, ueReadBuffer, MaxDisassmSize, &ueNumberOfBytesRead))
|
|
||||||
{
|
|
||||||
DecodingResult = distorm_decode(NULL, (const unsigned char*)ueReadBuffer, MaxDisassmSize, DecodingType, DecodedInstructions, MAX_DECODE_INSTRUCTIONS, &DecodedInstructionsCount);
|
|
||||||
return(DecodedInstructions[0].size);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return(-1);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
return -1;
|
||||||
return(NULL);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return(-1);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress)
|
__declspec(dllexport) long TITCALL LengthDisassemble(LPVOID DisassmAddress)
|
||||||
{
|
{
|
||||||
return(LengthDisassembleEx(dbgProcessInformation.hProcess, DisassmAddress));
|
return LengthDisassembleEx(dbgProcessInformation.hProcess, DisassmAddress);
|
||||||
}
|
}
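Review bot: The fixed 20-byte read at `MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, sizeof(readBuffer), 0)` makes LengthDisassembleEx return -1 for any instruction that starts within the last 19 bytes of a committed region whose neighbour is not readable, a case the replaced VirtualQueryEx/MaxDisassmSize logic clamped explicitly; if MemoryReadSafe rejects a partial read, as its use as a plain success flag here suggests, the read should be retried with the length clamped to the remainder of the region. The instruction count returned through `DecodedInstructionsCount` is also never consulted, so `decomposerResult[0]` is inspected even when nothing was decoded and the zero-initialised entry would yield a size of 0; a `DecodedInstructionsCount > 0` check before the flags test is cheap. The fallback below keeps the full-length read as the happy path and retries once with the clamped length; it flattens the `if (MemoryReadSafe(...)) { … }` nesting, so the closing brace at the end of that block goes away too.
```c
if(hProcess != NULL)
{
    SIZE_T readLen = sizeof(readBuffer);
    if (!MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, readLen, 0))
    {
        // Full-length read failed: the instruction may sit in the last bytes of a committed region.
        MEMORY_BASIC_INFORMATION MemInfo;
        if (VirtualQueryEx(hProcess, DisassmAddress, &MemInfo, sizeof(MemInfo)) != sizeof(MemInfo) || MemInfo.State != MEM_COMMIT)
            return -1;
        ULONG_PTR remaining = (ULONG_PTR)MemInfo.BaseAddress + MemInfo.RegionSize - (ULONG_PTR)DisassmAddress;
        if (remaining == 0 || remaining >= readLen || !MemoryReadSafe(hProcess, (LPVOID)DisassmAddress, readBuffer, remaining, 0))
            return -1;
        readLen = remaining;
    }
    decomposerCi.code = readBuffer;
    decomposerCi.codeLen = (int)readLen;
    // … unchanged: dt, codeOffset …
    if (distorm_decompose(&decomposerCi, decomposerResult, _countof(decomposerResult), &DecodedInstructionsCount) != DECRES_INPUTERR
        && DecodedInstructionsCount > 0 && decomposerResult[0].flags != FLAG_NOT_DECODABLE)
    {
        return decomposerResult[0].size;
    }
}
return -1;
```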
|
||||||