Exemple #1
0
EASYHOOK_NT_INTERNAL LhDisassembleInstruction(void* InPtr, ULONG* length, PSTR buf, LONG buffSize, ULONG64 *nextInstr)
{
/*
Description:

    Takes a pointer to machine code and returns the length and
    ASM code for the referenced instruction.
    
Returns:
    STATUS_INVALID_PARAMETER

        The given pointer references invalid machine code.
*/
    // some exotic instructions might not be supported see the project
    // at https://github.com/vmt/udis86.

    ud_t ud_obj;
    ud_init(&ud_obj);
#ifdef _M_X64
    ud_set_mode(&ud_obj, 64);
#else
    ud_set_mode(&ud_obj, 32);
#endif
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);
    ud_set_asm_buffer(&ud_obj, buf, buffSize);
    ud_set_input_buffer(&ud_obj, (uint8_t *)InPtr, 32);
    *length = ud_disassemble(&ud_obj);
    
    *nextInstr = (ULONG64)InPtr + *length;

    if(length > 0)
        return STATUS_SUCCESS;
    else
        return STATUS_INVALID_PARAMETER;
}
Exemple #2
0
/* =============================================================================
 * ud_set_asm_buffer
 *    Allow the user to set an assembler output buffer. If `buf` is NULL,
 *    we switch back to the internal buffer.
 * =============================================================================
 */
void
ud_set_asm_buffer(struct ud *u, char *buf, size_t size)
{
  if (buf == NULL) {
    ud_set_asm_buffer(u, u->asm_buf_int, sizeof(u->asm_buf_int));
  } else {
    u->asm_buf = buf;
    u->asm_buf_size = size;
  }
}
Exemple #3
0
/* =============================================================================
 * ud_init
 *    Initializes ud_t object.
 * =============================================================================
 */
extern void 
ud_init(struct ud* u)
{
  memset((void*)u, 0, sizeof(struct ud));
  ud_set_mode(u, 16);
  u->mnemonic = UD_Iinvalid;
  ud_set_pc(u, 0);
#ifndef __UD_STANDALONE__
  ud_set_input_file(u, stdin);
#endif /* __UD_STANDALONE__ */

  ud_set_asm_buffer(u, u->asm_buf_int, sizeof(u->asm_buf_int));
}