1
0
Fork 0

DBG: added simple capstone wrapper

This commit is contained in:
Mr. eXoDia 2014-10-13 15:57:52 +02:00
parent a7465f66ab
commit d7cf9dbb79
5 changed files with 87 additions and 18 deletions

View File

@ -0,0 +1,45 @@
#include "console.h"
#include "capstone_wrapper.h"
Capstone::Capstone()
{
mHandle = 0;
mInstr = 0;
#ifdef _WIN64
mError = cs_open(CS_ARCH_X86, CS_MODE_64, &mHandle);
#else //x86
mError = cs_open(CS_ARCH_X86, CS_MODE_32, &mHandle);
#endif //_WIN64
if(mError)
mHandle = 0;
else
cs_option(mHandle, CS_OPT_DETAIL, CS_OPT_ON);
}
bool Capstone::Disassemble(uint addr, unsigned char data[MAX_DISASM_BUFFER])
{
if(mInstr) //free last disassembled instruction
{
cs_free(mInstr, 1);
mInstr = 0;
}
return !!cs_disasm(mHandle, (const uint8_t*)data, MAX_DISASM_BUFFER, addr, 1, &mInstr);
}
const cs_insn* Capstone::GetInstr()
{
return mInstr;
}
const cs_err Capstone::GetError()
{
return mError;
}
Capstone::~Capstone()
{
if(mInstr) //free last disassembled instruction
cs_free(mInstr, 1);
if(mHandle) //close handle
cs_close(&mHandle);
}

View File

@ -0,0 +1,23 @@
#ifndef _CAPSTONE_WRAPPER_H
#define _CAPSTONE_WRAPPER_H
#include "capstone\capstone.h"
#define MAX_DISASM_BUFFER 16
class Capstone
{
public:
Capstone();
~Capstone();
bool Disassemble(uint addr, unsigned char data[MAX_DISASM_BUFFER]);
const cs_insn* GetInstr();
const cs_err GetError();
private:
csh mHandle;
cs_insn* mInstr;
cs_err mError;
};
#endif //_CAPSTONE_WRAPPER_H

View File

@ -1448,6 +1448,7 @@ CMDRESULT cbInstrFindAsm(int argc, char* argv[])
} }
#include "capstone\capstone.h" #include "capstone\capstone.h"
#include "capstone_wrapper.h"
CMDRESULT cbInstrCapstone(int argc, char* argv[]) CMDRESULT cbInstrCapstone(int argc, char* argv[])
{ {
@ -1464,36 +1465,28 @@ CMDRESULT cbInstrCapstone(int argc, char* argv[])
return STATUS_ERROR; return STATUS_ERROR;
} }
char data[16]; unsigned char data[16];
if(!memread(fdProcessInfo->hProcess, (const void*)addr, data, sizeof(data), 0)) if(!memread(fdProcessInfo->hProcess, (const void*)addr, data, sizeof(data), 0))
{ {
dprintf("could not read memory at %p\n", addr); dprintf("could not read memory at %p\n", addr);
return STATUS_ERROR; return STATUS_ERROR;
} }
csh handle; Capstone cp;
#ifdef _WIN64 if(cp.GetError()) //there was an error opening the handle
cs_err error = cs_open(CS_ARCH_X86, CS_MODE_64, &handle);
#else //x86
cs_err error = cs_open(CS_ARCH_X86, CS_MODE_32, &handle);
#endif //_WIN64
if(error)
{ {
dprintf("cs_open() failed, error code %u\n", error); dprintf("cs_open() failed, error code %u\n", cp.GetError());
return STATUS_ERROR; return STATUS_ERROR;
} }
cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
cs_insn* instr; if(!cp.Disassemble(addr, data))
size_t count = cs_disasm(handle, (const uint8_t*)data, sizeof(data), addr, 1, &instr);
if(count)
{ {
dprintf("%p: %s %s\n", instr->address, instr->mnemonic, instr->op_str); dputs("failed to disassemble!");
cs_free(instr, count); //free instruction buffer return STATUS_ERROR;
} }
else //error
dputs("failed to disassemble code!");
cs_close(&handle); const cs_insn* instr = cp.GetInstr();
dprintf("%p: %s %s\n", instr->address, instr->mnemonic, instr->op_str);
return STATUS_CONTINUE; return STATUS_CONTINUE;
} }

View File

@ -15,6 +15,7 @@
<ClCompile Include="argument.cpp" /> <ClCompile Include="argument.cpp" />
<ClCompile Include="assemble.cpp" /> <ClCompile Include="assemble.cpp" />
<ClCompile Include="breakpoint.cpp" /> <ClCompile Include="breakpoint.cpp" />
<ClCompile Include="capstone_wrapper.cpp" />
<ClCompile Include="command.cpp" /> <ClCompile Include="command.cpp" />
<ClCompile Include="console.cpp" /> <ClCompile Include="console.cpp" />
<ClCompile Include="debugger.cpp" /> <ClCompile Include="debugger.cpp" />
@ -66,6 +67,7 @@
<ClInclude Include="capstone\systemz.h" /> <ClInclude Include="capstone\systemz.h" />
<ClInclude Include="capstone\x86.h" /> <ClInclude Include="capstone\x86.h" />
<ClInclude Include="capstone\xcore.h" /> <ClInclude Include="capstone\xcore.h" />
<ClInclude Include="capstone_wrapper.h" />
<ClInclude Include="command.h" /> <ClInclude Include="command.h" />
<ClInclude Include="console.h" /> <ClInclude Include="console.h" />
<ClInclude Include="dbghelp\dbghelp.h" /> <ClInclude Include="dbghelp\dbghelp.h" />

View File

@ -183,6 +183,9 @@
<ClCompile Include="log.cpp"> <ClCompile Include="log.cpp">
<Filter>Source Files\Utilities</Filter> <Filter>Source Files\Utilities</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="capstone_wrapper.cpp">
<Filter>Source Files\Utilities</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="x64_dbg.h"> <ClInclude Include="x64_dbg.h">
@ -368,5 +371,8 @@
<ClInclude Include="capstone\xcore.h"> <ClInclude Include="capstone\xcore.h">
<Filter>Header Files\Third Party\capstone</Filter> <Filter>Header Files\Third Party\capstone</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="capstone_wrapper.h">
<Filter>Header Files\Utilities</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
</Project> </Project>