Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to set the decode base address #216

Open
eaglesharkmayonnaise opened this issue Mar 17, 2020 · 7 comments
Open

How to set the decode base address #216

eaglesharkmayonnaise opened this issue Mar 17, 2020 · 7 comments
Labels
enhancement implemented

Comments

@eaglesharkmayonnaise
Copy link

the instruction returns different values at different base addresses, such as "jmp 0x77DAE9EC"

  • base: 0x77DAEA00
    decode results:EB EA

  • base: 0x000C1000
    decode results:E9 E7 D9 CE 77
@eaglesharkmayonnaise
Copy link
Author

Is there such a simple api

bool xed_init(__IN__ size_t baseAddress);
bool xed_ecode(__IN__ insString, __OUT__ byte* insDate, __OUT__ size_t insLength);

so we can do this:

xed_init(0x77dea00);
byte insData[256];
size_t insLength;


char  singlelineAsmString[0x100] = {"jmp 0x77DAE9EC"};
// decode single line assembly
xed_ecode(insData,&inslength,singlelineAsmString);

// decode multiline assembly
char  multilineAsmString[0x100] = {
    "jmp 0x77DAE9EC\n"
    "pop\n"
    "call 0x12345678\n"};
xed_ecode(insData,&inslength,multilineAsmString);

@markcharney
Copy link
Contributor

xed_format_context() and xed_format_generic() allow users to pass a runtime address to use in generating the disassembly. See xed-decoded-inst-api.h. The latter function takes a structure defined in xed-print-info.h.

@markcharney
Copy link
Contributor

For creating instructions, there are many options. See the xed-asmparse.c and .h files in the examples. There is also a new encoder called enc2. I have some fixes that I hope to push out for that this week.

@eaglesharkmayonnaise
Copy link
Author

eaglesharkmayonnaise commented Apr 18, 2020
edited
Loading

hello, i checked the sample code today, but no example of decoding multi-line assembly was found.

image

@markcharney
Copy link
Contributor

Yes, xed-asmparse.c is a simple example. It would take a small amount of restructuring to allow it to handle multiple requests, separated by a semicolon or a newline character. Right now process_args() returns one request to encode. The code could be modified to return a list of requests to encode. Or, better, it could return the full command line assembly string and some data (collected from the command line switches) that a new function could use to create a list of requests... I have another customer who is interested in this so I guess I can put it on the list. Lots of extra time to program these days...

@markcharney
Copy link
Contributor

I just tweaked it in my workspace to use a semicolon as a separator. I will look for a moment to push out my commits.

% obj/wkit/bin/xed-asmparse-main -64 -q "add rax, rbx;mov rcx, rbx;"
Assembling [add rax, rbx]
48 01 d8
Assembling [mov rcx, rbx]
48 89 d9

@markcharney
Copy link
Contributor

I guess the next step would be allowing labels and trying to get the branch displacements right.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement implemented
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markcharney @eaglesharkmayonnaise