// diStorm64 1.1.4 /* distorm.h Copyright (C) 2003-2006 Gil Dabah, http://ragestorm.net/distorm/ This library is licensed under the BSD license. See the file COPYING. This file is used in win32proj and linuxproj. */ // Comment out this macro if you wish to use 32 bits offsets only! #define SUPPORT_64BIT_OFFSET 1 #ifdef SUPPORT_64BIT_OFFSET #ifdef __GNUC__ #define OFFSET_INTEGER unsigned long long #elif _MSC_VER #define OFFSET_INTEGER unsigned __int64 #endif #else #define OFFSET_INTEGER unsigned long #endif // Support C++ compilers #ifdef __cplusplus extern "C" { #endif // diStorm64 Version 1.1.4 #define __DISTORMV__ 0x114 // Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64. typedef enum {Decode16Bits = 0, Decode32Bits = 1, Decode64Bits = 2} _DecodeType; typedef OFFSET_INTEGER _OffsetType; // Static size of strings. Do not change this value. #define MAX_TEXT_SIZE (60) typedef struct { unsigned int length; unsigned char p[MAX_TEXT_SIZE]; // p is a null terminated string. } _WString; // This structure holds all information the disassembler generates per instruction. typedef struct { _WString mnemonic; // Mnemonic of decoded instruction, prefixed if required by REP, LOCK etc. _WString operands; // Operands of the decoded instruction, up to 3 operands, comma-seperated. _WString instructionHex; // Hex dump - little endian, including prefixes. unsigned int size; // Size of decoded instruction. _OffsetType offset; // Start offset of the decoded instruction. } _DecodedInst; // Return code of the decoding function. typedef enum {DECRES_NONE, DECRES_SUCCESS, DECRES_MEMORYERR, DECRES_INPUTERR} _DecodeResult; // distorm_decode ////////////////// // Input: // offset - Origin of the given code (virtual address that is), NOT an offset in code. // code - Pointer to the code buffer to be disassembled. // length - Amount of bytes that should be decoded from the code buffer. // dt - Decoding mode, 16 bits (Decode16Bits), 32 bits (Decode32Bits) or AMD64 (Decode64Bits). // result - Array of type _DecodeInst which will be used by this function in order to return the disassembled instructions. // maxInstructions - The maximum number of entries in the result array that you pass to this function, so it won't exceed its bound. // usedInstructionsCount - Number of the instruction that successfully were disassembled and written to the result array. // Output: usedInstructionsCount will hold the number of entries used in the result array // and the result array itself will be filled with the disassembled instructions. // Return: DECRES_SUCCESS on success (no more to disassemble), DECRES_INPUTERR on input error (null code buffer, invalid decoding mode, etc...), // DECRES_MEMORYERR when there are not enough entries to use in the result array, BUT YOU STILL have to check for usedInstructionsCount! // Side-Effects: Even if the return code is DECRES_MEMORYERR, there might STILL be data in the // array you passed, this function will try to use as much entries as possible! // Notes: 1)The minimal size of maxInstructions is 15. // 2)You will have to synchronize the offset,code and length by yourself if you pass code fragments and not a complete code block! /////////////////////////////////// _DecodeResult distorm_decode(_OffsetType codeOffset, const unsigned char* code, long codeLen, _DecodeType dt, _DecodedInst result[], unsigned long maxInstructions, unsigned long* usedInstructionsCount); #ifdef __cplusplus }// End Of Extern #endif