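/**
 * Fill a DISASM_ARG from one operand of the instruction currently held by cp.
 *
 * The operand text is copied into arg->mnemonic and the segment is reset to
 * SEG_DEFAULT. The remaining fields depend on the operand type:
 *  - register:  type = arg_normal; constant and value are whatever
 *               valfromstring() yields for the register name (0 on failure).
 *  - immediate: type = arg_normal; constant and value are the immediate.
 *  - memory:    type = arg_memory; constant is the displacement (for a
 *               RIP-relative operand: address + displacement + instruction
 *               size); value is the result of valfromstring() on the operand
 *               text; memvalue receives op.size bytes read from that address
 *               when the address is readable.
 * Any other operand type leaves everything except segment and mnemonic alone.
 *
 * @param cp       Wrapper around the decoded instruction.
 * @param opindex  Index into the instruction's operand array.
 * @param arg      Output record; must not be null.
 */
static void HandleCapstoneOperand(Capstone & cp, int opindex, DISASM_ARG* arg)
{
    // NOTE(review): opindex indexes x86.operands without a range check and arg
    // is dereferenced without a null check; callers must guarantee both.
    const cs_x86 & x86 = cp.x86();
    const cs_x86_op & op = x86.operands[opindex];
    arg->segment = SEG_DEFAULT;
    // NOTE(review): the operand text comes from the disassembler; presumably the
    // array overload of strcpy_s bounds this copy to arg->mnemonic - confirm.
    strcpy_s(arg->mnemonic, cp.OperandText(opindex).c_str());
    switch(op.type)
    {
    case X86_OP_REG:
    {
        const char* regname = cp.RegName((x86_reg)op.reg);
        arg->type = arg_normal;
        uint value;
        if(!valfromstring(regname, &value, true, true))
            value = 0; // unresolved register name: report 0 rather than garbage
        arg->constant = arg->value = value;
    }
    break;

    case X86_OP_IMM:
    {
        arg->type = arg_normal;
        arg->constant = arg->value = (duint)op.imm;
    }
    break;

    case X86_OP_MEM:
    {
        arg->type = arg_memory;
        const x86_op_mem & mem = op.mem;
        if(mem.base == X86_REG_RIP) //rip-relative
            arg->constant = cp.Address() + (duint)mem.disp + cp.Size();
        else
            arg->constant = (duint)mem.disp;
        uint value;
        // On failure arg->value and arg->memvalue keep whatever the caller put there.
        if(!valfromstring(arg->mnemonic, &value, true, true))
            return;
        arg->value = value;
        if(DbgMemIsValidReadPtr(value))
        {
            switch(op.size)
            {
            case 1:
            case 2:
            case 4:
            case 8:
                // Never write more bytes than memvalue can hold: an 8-byte operand
                // would otherwise overrun the field wherever memvalue is narrower
                // than 8 bytes (NOTE(review): presumably 32-bit builds - confirm).
                // NOTE(review): the result of DbgMemRead is not checked, and bytes
                // of memvalue above op.size are not cleared here.
                if(op.size <= sizeof(arg->memvalue))
                    DbgMemRead(value, (unsigned char*)&arg->memvalue, op.size);
                break;
            }
        }
    }
    break;
    }
}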