
Ported & renamed `cbInstrCapstone`

Joel Höner 2017-09-24 03:57:31 +02:00 committed by Duncan Ogilvie
parent 16942049b3
commit 3fca5c9191
3 changed files with 19 additions and 43 deletions


@ -207,11 +207,8 @@ bool cbInstrCopystr(int argc, char* argv[])
return true; return true;
} }
bool cbInstrCapstone(int argc, char* argv[]) bool cbInstrZydis(int argc, char* argv[])
{ {
return false;
/*
if(IsArgumentsLessThan(argc, 2)) if(IsArgumentsLessThan(argc, 2))
return false; return false;
@ -233,7 +230,7 @@ bool cbInstrCapstone(int argc, char* argv[])
if(!valfromstring(argv[2], &addr, false)) if(!valfromstring(argv[2], &addr, false))
return false; return false;
Capstone cp; Zydis cp;
if(!cp.Disassemble(addr, data)) if(!cp.Disassemble(addr, data))
{ {
dputs_untranslated("Failed to disassemble!\n"); dputs_untranslated("Failed to disassemble!\n");
@ -242,54 +239,34 @@ bool cbInstrCapstone(int argc, char* argv[])
auto instr = cp.GetInstr(); auto instr = cp.GetInstr();
int argcount = instr->operandCount; int argcount = instr->operandCount;
dprintf_untranslated("%s %s | %s\n", instr->mnemonic, instr->op_str, cp.InstructionText(true).c_str()); dputs_untranslated(cp.InstructionText(true).c_str());
dprintf_untranslated("size: %d, id: %d, opcount: %d\n", cp.Size(), cp.GetId(), cp.OpCount()); dprintf_untranslated("size: %d, id: %d, opcount: %d\n", cp.Size(), cp.GetId(), instr->operandCount);
if(detail->regs_read_count)
{
dprintf_untranslated("implicit read:");
for(uint8_t i = 0; i < detail->regs_read_count; i++)
dprintf(" %s", cp.RegName(x86_reg(detail->regs_read[i])));
dputs_untranslated("");
}
if(detail->regs_write_count)
{
dprintf_untranslated("implicit write:");
for(uint8_t i = 0; i < detail->regs_write_count; i++)
dprintf(" %s", cp.RegName(x86_reg(detail->regs_write[i])));
dputs_untranslated("");
}
auto rwstr = [](uint8_t access) auto rwstr = [](uint8_t access)
{ {
switch(access) if(access & ZYDIS_OPERAND_ACTION_READ && access & ZYDIS_OPERAND_ACTION_WRITE)
{
case CS_AC_INVALID:
return "none";
case CS_AC_READ:
return "read";
case CS_AC_WRITE:
return "write";
case CS_AC_READ | CS_AC_WRITE:
return "read+write"; return "read+write";
default: if(access & ZYDIS_OPERAND_ACTION_READ)
return "read";
if(access & ZYDIS_OPERAND_ACTION_WRITE)
return "write";
return "???"; return "???";
}
}; };
for(int i = 0; i < argcount; i++) for(int i = 0; i < argcount; i++)
{ {
const cs_x86_op & op = x86.operands[i]; const auto & op = instr->operands[i];
dprintf("operand %d (size: %d, access: %s) \"%s\", ", i + 1, op.size, rwstr(op.access), cp.OperandText(i).c_str()); dprintf("operand %d (size: %d, access: %s) \"%s\", ", i + 1, op.size, rwstr(op.action), cp.OperandText(i).c_str());
switch(op.type) switch(op.type)
{ {
case X86_OP_REG: case ZYDIS_OPERAND_TYPE_REGISTER:
dprintf_untranslated("register: %s\n", cp.RegName((x86_reg)op.reg)); dprintf_untranslated("register: %s\n", cp.RegName(op.reg.value));
break; break;
case X86_OP_IMM: case ZYDIS_OPERAND_TYPE_IMMEDIATE:
dprintf_untranslated("immediate: 0x%p\n", op.imm); dprintf_untranslated("immediate: 0x%p\n", op.imm);
break; break;
case X86_OP_MEM: case ZYDIS_OPERAND_TYPE_MEMORY:
{ {
//[base + index * scale +/- disp] //[base + index * scale +/- disp]
const x86_op_mem & mem = op.mem; const auto & mem = op.mem;
dprintf_untranslated("memory segment: %s, base: %s, index: %s, scale: %d, displacement: 0x%p\n", dprintf_untranslated("memory segment: %s, base: %s, index: %s, scale: %d, displacement: 0x%p\n",
cp.RegName(mem.segment), cp.RegName(mem.segment),
cp.RegName(mem.base), cp.RegName(mem.base),
@ -302,7 +279,6 @@ bool cbInstrCapstone(int argc, char* argv[])
} }
return true; return true;
*/
} }
bool cbInstrVisualize(int argc, char* argv[]) bool cbInstrVisualize(int argc, char* argv[])
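Review bot: In the `ZYDIS_OPERAND_TYPE_IMMEDIATE` case, `dprintf_untranslated("immediate: 0x%p\n", op.imm)` is carried over unchanged from the Capstone version, where `op.imm` was a plain integer. If Zydis's `imm` member is a struct (sign/relative flags plus a value union), as it is in released Zydis headers, passing it through varargs to `%p` is undefined behaviour and can print garbage or misread the following arguments. Pass the scalar instead, for example `op.imm.value.u`, with the field name checked against the vendored header. Separately, the rewritten `rwstr` lambda has no "none" result any more, so an operand with no action now prints `???`, and its `&` tests are only correct if the `ZYDIS_OPERAND_ACTION_*` constants are bit flags; a one-line comment stating that assumption would help. Part of the function body lies between the hunks and is not visible here.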


@ -7,7 +7,7 @@ bool cbDebugBenchmark(int argc, char* argv[]);
bool cbInstrSetstr(int argc, char* argv[]); bool cbInstrSetstr(int argc, char* argv[]);
bool cbInstrGetstr(int argc, char* argv[]); bool cbInstrGetstr(int argc, char* argv[]);
bool cbInstrCopystr(int argc, char* argv[]); bool cbInstrCopystr(int argc, char* argv[]);
bool cbInstrCapstone(int argc, char* argv[]); bool cbInstrZydis(int argc, char* argv[]);
bool cbInstrVisualize(int argc, char* argv[]); bool cbInstrVisualize(int argc, char* argv[]);
bool cbInstrMeminfo(int argc, char* argv[]); bool cbInstrMeminfo(int argc, char* argv[]);
bool cbInstrBriefcheck(int argc, char* argv[]); bool cbInstrBriefcheck(int argc, char* argv[]);


@ -428,7 +428,7 @@ static void registercommands()
dbgcmdnew("setstr,strset", cbInstrSetstr, false); //set a string variable dbgcmdnew("setstr,strset", cbInstrSetstr, false); //set a string variable
dbgcmdnew("getstr,strget", cbInstrGetstr, false); //get a string variable dbgcmdnew("getstr,strget", cbInstrGetstr, false); //get a string variable
dbgcmdnew("copystr,strcpy", cbInstrCopystr, true); //write a string variable to memory dbgcmdnew("copystr,strcpy", cbInstrCopystr, true); //write a string variable to memory
dbgcmdnew("capstone", cbInstrCapstone, true); //disassemble using capstone dbgcmdnew("zydis", cbInstrZydis, true); //disassemble using zydis
dbgcmdnew("visualize", cbInstrVisualize, true); //visualize analysis dbgcmdnew("visualize", cbInstrVisualize, true); //visualize analysis
dbgcmdnew("meminfo", cbInstrMeminfo, true); //command to debug memory map bugs dbgcmdnew("meminfo", cbInstrMeminfo, true); //command to debug memory map bugs
dbgcmdnew("briefcheck", cbInstrBriefcheck, true); //check if mnemonic briefs are missing dbgcmdnew("briefcheck", cbInstrBriefcheck, true); //check if mnemonic briefs are missing