#include "disassembler.h"
#include "display.hpp"
#include <string>
/**
 * Open a Capstone handle for the given architecture/mode and allocate the
 * single reusable instruction buffer used by every decode in this class.
 *
 * @param archi  Capstone architecture passed straight to cs_open().
 * @param mode   Capstone mode passed straight to cs_open().
 * @param detail When true, CS_OPT_DETAIL is switched on for the handle.
 *
 * On any failure an error is printed and the object is left with
 * `init == false`; every other member function checks that flag before
 * touching `handle` or `insn`.
 */
Disassembler::Disassembler(cs_arch archi, cs_mode mode, bool detail)
    : init(false)
{
    const bool opened = (cs_open(archi, mode, &this->handle) == CS_ERR_OK);
    if (!opened) {
        ColorChanger::SetColor(RED, true);
        printf("CAPSTONE ERROR: API Fail !\n");
        ColorChanger::Reset();
        return;
    }

    // One cs_insn is allocated up front and reused by cs_disasm_iter().
    insn = cs_malloc(handle);
    if (!insn) {
        ColorChanger::SetColor(RED, true);
        printf("CAPSTONE ERROR: CS_MALLOC Fail !\n");
        ColorChanger::Reset();
        // The handle was opened above, so release it before bailing out;
        // the destructor will not do it because init stays false.
        cs_close(&handle);
        return;
    }

    init = true;

    // NOTE(review): the result of cs_option() is not checked, so a failure
    // to enable detail mode goes unreported.
    if (detail) {
        cs_option(this->handle, CS_OPT_DETAIL, CS_OPT_ON);
    }
}
/**
 * Release the Capstone handle and the instruction buffer.
 *
 * Nothing is released when construction failed (`init == false`): in that
 * case the constructor either never opened the handle or already closed it,
 * and `insn` was never successfully allocated.
 */
Disassembler::~Disassembler()
{
    if (!init)
        return;

    cs_close(&handle);
    cs_free(insn, 1);   // exactly one cs_insn was allocated by cs_malloc()
}
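/**
 * Disassemble and print up to `count` instructions starting at `code`.
 *
 * @param code      Bytes to decode. NOTE: the buffer is modified in place
 *                  when a 0xCC byte at the start of an instruction is
 *                  replaced by the original byte recorded for a breakpoint.
 * @param code_size Number of readable bytes in `code`.
 * @param count     Maximum number of instructions to print.
 * @param address   Address of `code[0]` in the inspected program.
 * @param mapbp     Breakpoint address -> original byte.
 * @param pairbp    A single (address, original byte) entry that is checked
 *                  before `mapbp`.
 *
 * Limitations visible in this code:
 *  - only a 0xCC at the FIRST byte of an instruction is restored; a patched
 *    byte inside a longer instruction is decoded as-is;
 *  - addresses are looked up and printed as DWORD, so anything above 32 bits
 *    is truncated.
 */
void Disassembler::Display(BYTE code[], size_t code_size, size_t count, uint64_t address, const std::map<DWORD,BYTE> &mapbp, const std::pair<DWORD,BYTE> &pairbp){
    if(!init){
        ColorChanger::SetColor(RED, true);
        printf("CAPSTONE ERROR: Bad Disassembler initialisation, display failed !\n");
        ColorChanger::Reset();
        return;
    }

    ColorChanger::SetColor(BLUE);
    printf("\n----------------------------------------------------------------\n\n");

    uint64_t lastaddress = address;
    const size_t firstcount = count;
    const std::string db(".byte");   // hoisted: same value on every iteration

    // Stop as soon as the buffer is exhausted. Without the code_size test the
    // code[0] access below would read (and possibly write) one byte past the
    // end of the caller's buffer once every byte has been consumed.
    for(; count != 0 && code_size != 0; --count){
        // Undo a software breakpoint so the real instruction is shown.
        if(code[0] == 0xCC){
            if(pairbp.first == address)
                code[0] = pairbp.second;
            else{
                std::map<DWORD,BYTE>::const_iterator it = mapbp.find(address);
                if(it != mapbp.end())
                    code[0] = it->second;
            }
        }

        // Decode through a temporary pointer; `code` itself is advanced
        // below from the address delta.
        const uint8_t* codebis = code;
        if(!cs_disasm_iter(this->handle, &codebis, &code_size, &address, this->insn))
            break;
        code += address - lastaddress;
        lastaddress = address;

        // ".byte" entries are skipped without using up one of the `count`
        // lines: the increment cancels the loop's --count.
        if(!db.compare(insn->mnemonic)){
            count++;
            continue;
        }

        // Second argument is true only for the first printed line.
        ColorChanger::SetColor(YELLOW, !(firstcount-count));
        printf("0x%lX:", (DWORD)insn->address);
        ColorChanger::SetColor(CYAN, !(firstcount-count));
        printf("\t%s\t\t%s\n", insn->mnemonic,insn->op_str);
    }

    ColorChanger::SetColor(BLUE);
    printf("\n----------------------------------------------------------------\n\n");
    ColorChanger::Reset();
}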
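/**
 * If the instruction at `code` is a `call`, return the address of the
 * instruction that follows it; otherwise return 0.
 *
 * @param code    Bytes at `address`. The decoder is told that 2*15 bytes are
 *                available, so the caller's buffer must really hold that
 *                many readable bytes.
 * @param address Address of `code[0]` in the inspected program.
 * @return Address just past the call, or 0 when the object is not
 *         initialised, the bytes do not decode, or the instruction is not
 *         a call.
 */
uint64_t Disassembler::GetNextLineCall(const uint8_t* code, uint64_t address){
    if(!init){
        ColorChanger::SetColor(RED, true);
        printf("CAPSTONE ERROR: Bad Disassembler initialisation, display failed !\n");
        ColorChanger::Reset();
        return 0;
    }

    size_t code_size = 2*15;

    // A failed decode leaves `insn` holding whatever the previous decode
    // wrote, so its mnemonic must not be inspected in that case.
    if(!cs_disasm_iter(this->handle, &code, &code_size, &address, this->insn))
        return 0;

    const std::string call("call");
    if(call.compare(insn->mnemonic) != 0)
        return 0;

    // cs_disasm_iter() has advanced `address` past the call, which is the
    // value wanted here whether or not the following bytes decode.
    // Previously a failed second decode returned the call's own address
    // (stale insn->address).
    const uint64_t next_address = address;

    // Kept so that `insn` still describes the following instruction on
    // return, as before — presumably some caller relies on it; verify.
    cs_disasm_iter(this->handle, &code, &code_size, &address, this->insn);

    return next_address;
}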
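/**
 * Print `address` in upper-case hex, followed by the decoded instruction at
 * `code` when it decodes.
 *
 * @param code    Bytes at `address` (isValid() is what reads them).
 * @param address Address printed and passed to the decoder.
 *
 * When the bytes do not decode, only the address is printed: no newline is
 * written. The console colour is not reset here in either case.
 */
void Disassembler::DisplayInstruction(const uint8_t* code, uint64_t address){
    ColorChanger::SetColor(MAGENTA);

    // std::hex / std::uppercase are sticky; restore the stream's flags so
    // later numeric output on std::cout is not silently switched to hex.
    const std::ios_base::fmtflags saved_flags = std::cout.flags();
    std::cout << "0x" << std::hex << std::uppercase << address;
    std::cout.flags(saved_flags);

    ColorChanger::SetColor(BLACK, true);
    if (this->isValid(code, address))
        std::cout << " ( " << insn->mnemonic << "\t" << insn->op_str << " )" << std::endl;
}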
/**
 * Try to decode one instruction at `code`, leaving the result in `insn`.
 *
 * @param code    Bytes to decode. The decoder is told 15 bytes are available,
 *                so the caller's buffer must hold that many readable bytes.
 * @param address Address of `code[0]` in the inspected program.
 * @return true when cs_disasm_iter() decoded an instruction; false when it
 *         did not or when the object was never initialised.
 */
bool Disassembler::isValid(const uint8_t* code, uint64_t address)
{
    if (init) {
        size_t remaining = 15;
        const bool decoded = cs_disasm_iter(handle, &code, &remaining, &address, insn);
        return decoded;
    }

    ColorChanger::SetColor(RED, true);
    printf("CAPSTONE ERROR: Bad Disassembler initialisation, display failed !\n");
    ColorChanger::Reset();
    return false;
}