CodeExplorer Posted May 22, 2023

Looking for low-level x86 disassembler code in C++. I want it at a low level, knowing everything that is going on, although information from libraries may bring useful information. In the end I want to grab all operands, but that's the final step.

atom0s Posted May 22, 2023

There's a wiki that covers a list of various disassemblers here:
https://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers

Some open source projects:
https://github.com/capstone-engine/capstone
https://github.com/zyantific/zydis
https://github.com/icedland/iced
https://www.ollydbg.de/disasm.zip - Engine used in OllyDbg

Lots of other ones on GitHub and around the web as well.

CodeExplorer Posted May 23, 2023 (Author)

https://usermanual.wiki/Document/Encoding20Real20x8620Instructions.403814632/help
https://sourceforge.net/projects/custard/files/libdisasm/
https://github.com/capstone-engine/capstone/blob/master/arch/X86/X86Disassembler.h
http://ref.x86asm.net/coder32.html
https://chromium.googlesource.com/external/dynamorio/+/1d0b9451537ca047afd01b982d4b585039895031/core/arch/x86/decode.c

I wanna implement my own code and not just use a library; to be frank, the steps are unknown to me at this moment.

Edited May 23, 2023 by CodeExplorer

CodeExplorer Posted May 23, 2023 (Author)

After a lot of searching I found an instruction length function:
https://stackoverflow.com/questions/23788236/get-size-of-assembly-instructions/23843450#23843450

Wondering how to decode instructions now.

ra1n Posted May 23, 2023

AFAIK, you'd need to write an entire system for decoding each x86 instruction. This includes things such as interpreting the ModR/M byte. I suggest you just use Zydis, otherwise good luck!

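Added example, not from any participant and not code from the libraries named in this thread: interpreting the ModR/M byte (with the SIB byte and displacement it can pull in) to recover a memory operand's base, index, scale and displacement. It assumes 32-bit address size and a pointer already positioned after prefixes and opcode; `ModRM` and `decode_modrm32` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical result type for this example (not from any library).
struct ModRM {
    bool ok;             // false: buffer ended before the operand did
    int mod, reg, rm;    // raw fields: bits 7-6, 5-3, 2-0 (mod == 3: rm is a register)
    int base, index;     // memory operand registers 0-7 (EAX..EDI), -1 = none
    int scale;           // index multiplier: 1, 2, 4 or 8
    int32_t disp;        // sign-extended displacement
    size_t length;       // bytes used: ModR/M + optional SIB + displacement
};

// Decode the ModR/M byte at p (n bytes available), 32-bit addressing only.
ModRM decode_modrm32(const uint8_t* p, size_t n) {
    ModRM m = { false, 0, 0, 0, -1, -1, 1, 0, 0 };
    if (n < 1) return m;
    m.mod = p[0] >> 6; m.reg = (p[0] >> 3) & 7; m.rm = p[0] & 7;
    size_t pos = 1;
    if (m.mod == 3) { m.ok = true; m.length = pos; return m; }  // register operand
    m.base = m.rm;
    size_t dsize = (m.mod == 1) ? 1 : (m.mod == 2) ? 4 : 0;
    if (m.rm == 4) {                          // r/m = 100b: SIB byte follows
        if (n < pos + 1) return m;
        uint8_t sib = p[pos++];
        m.scale = 1 << (sib >> 6);
        m.index = (sib >> 3) & 7;
        if (m.index == 4) { m.index = -1; m.scale = 1; }  // 100b = no index
        m.base = sib & 7;
        if (m.base == 5 && m.mod == 0) { m.base = -1; dsize = 4; }
    } else if (m.rm == 5 && m.mod == 0) {     // [disp32] with no base register
        m.base = -1; dsize = 4;
    }
    if (n < pos + dsize) return m;            // truncated input: report failure
    if (dsize == 1) m.disp = (int8_t)p[pos];
    if (dsize == 4) m.disp = (int32_t)((uint32_t)p[pos] | (uint32_t)p[pos+1] << 8 |
                                       (uint32_t)p[pos+2] << 16 | (uint32_t)p[pos+3] << 24);
    m.length = pos + dsize;
    m.ok = true;
    return m;
}

int main() {
    // Constructed sample: the bytes after opcode 8B in "mov eax, [ebx+ecx*4+0x10]".
    const uint8_t sample[] = { 0x44, 0x8B, 0x10 };
    ModRM m = decode_modrm32(sample, sizeof sample);
    std::printf("reg=%d base=%d index=%d scale=%d disp=%d len=%u\n",
                m.reg, m.base, m.index, m.scale, (int)m.disp, (unsigned)m.length);
    return 0;
}
```

Prefixes, the opcode table that says whether an opcode has a ModR/M byte at all, immediates and 16/64-bit addressing are separate steps that a full decoder adds around this one.
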
jackyjask Posted May 23, 2023

Why reinvent the wheel? There are dozens of bulletproof, industry-strength disasm engines... Don't trust the 1st liked post on Stack Overflow.

atom0s Posted May 23, 2023

15 hours ago, CodeExplorer said:
> I wanna implement my own code and not just use a library; to be frank, the steps are unknown to me at this moment.

Would suggest reading/referencing the Intel/AMD x86 documentation then on how instructions are encoded and such. Those docs will cover all the information you need to be able to write your own engine. There are several other sites that put similar information into a faster-to-read/lookup format such as:
http://ref.x86asm.net/coder32.html
https://www.felixcloutier.com/x86/

Or reference existing engines on how things can be set up in cleaner table formats to be used in various coding languages. I know you generally code in C#, so you can also look at C#/.NET related projects such as:
https://github.com/justinstenning/SharpDisasm
https://github.com/icedland/iced

CodeExplorer Posted May 24, 2023 (Author)

7 hours ago, jackyjask said:
> Why reinvent the wheel? There are dozens of bulletproof, industry-strength disasm engines... Don't trust the 1st liked post on Stack Overflow.

For one project I will make, you are right: there is no reason to reinvent the wheel. But here is the question: any disasm engine supporting Visual C++ 6.0? That's the language I'm currently using.

For the second project I need to get the operands used by an instruction. I don't know any disassembler supporting this. Or am I supposed to get operands from the decoded instruction string? What about speed in this case?

atom0s Posted May 24, 2023

15 hours ago, CodeExplorer said:
> Visual C++ 6.0

Is there a reason you are making use of such an old version of C++ tooling/compiler? VC6 is long dead and deprecated. All of the modern versions of Visual Studio have completely free community editions which contain the full modern C++ feature sets. If you are going to use C++, you should honestly use modern tooling.

15 hours ago, CodeExplorer said:
> For the second project I need to get the operands used by an instruction. I don't know any disassembler supporting this. Or am I supposed to get operands from the decoded instruction string? What about speed in this case?

There are various libraries for this kind of thing too. In some cases you may need to combine an assembler and another library to re-disassemble back into a more AST-like setup in regards to reading specifics about each opcode and such.
https://github.com/keystone-engine/keystone
https://github.com/StanfordPL/x64asm
https://github.com/herumi/xbyak
https://github.com/asmjit/asmjit

Along with a handful of other similar projects / examples on GitHub:
https://github.com/search?q=x86+assembler+language%3AC%2B%2B&type=repositories

A commonly used library in the game hacking scene for this kind of thing is also FASM, compiled and imported into projects to be used as an on-the-fly runtime assembler.
http://flatassembler.net/

There are various examples of making use of FASM in all kinds of languages. The most popular in regards to embedding it has generally been C#, but the means to do it were just building a basic C++/CLI wrapper around FASM to be used in C#. You can just import the library into C++ directly instead and not need to have the CLI layer/wrapper.

CodeExplorer Posted May 25, 2023 (Author)

What about any disasm library being compatible with Visual Studio 2010 Professional?

Edited May 25, 2023 by CodeExplorer

jackyjask Posted May 25, 2023

There is even better SW - Visual Studio 6.0 SP4! It is one of the fastest ever developed by MS! It has also got, as a bonus for you, so-called feature packs.

fearless Posted May 25, 2023

On 5/24/2023 at 4:55 AM, CodeExplorer said:
> But here is the question: any disasm engine supporting Visual C++ 6.0

I have used the precompiled Capstone library with MASM, so I think it should be fine to call its functions from Visual C++ 6.0.

CodeExplorer Posted June 30, 2023 (Author)

Adapted https://www.ollydbg.de/disasm.zip - Engine used in OllyDbg to work under Visual C++ 6.0; project attached, for those interested.

Attachment: Dasm_SrcVC6.rar