mahdisafsafi / univdisasm Goto Github PK
View Code? Open in Web Editor NEWx86 Disassembler and Analyzer
License: Mozilla Public License 2.0
x86 Disassembler and Analyzer
License: Mozilla Public License 2.0
Why in the GUI version of UnivDisasm can only 64-bit programs be loaded in the GUI 64-bit version and vice versa? Please make a GUI version where both 32-bit and 64-bit programs can be loaded in the 64-bit GUI version.
hello, sorry for my bad English.
I wanted to ask if you had planned to add support for specifying the type of the Argument access and support for specifying the read-write Implicit registers ,Very useful in the analysis of the detailed code.
These features are present in the capstone-next library.
In my local copy in your library I have added support to the type of access only for general purpose instructions
used UnivDisasm-master\GUI\ [1]. is right, [2]. is wrong
[1]. 8B 0D 00 02 46 00 mov ecx,dword ds:[0x00460200] // this is Right
[2]. A1 14 01 46 00 mov eax, ds:0x0046014 //this is error
This should mov eax, dword ds:[0x0046014]
Helo
Is possible to disassembler DCU file using UnivDisasm?
Your disassembly engine (UnivDisasm) developed very well, but if it can support ARM better
Hello,
I realized that all of the all constant definitions related to the category of Istruction are set to 0.
Thank you ;)
INST_CATEGORY_ARITHMETIC = 0; INST_CATEGORY_FLOATING_POINT = 0; INST_CATEGORY_X87_FPU = 0; INST_CATEGORY_COMPARE = 0; INST_CATEGORY_DATA_TRANSFER = 0; INST_CATEGORY_LOAD = 0; INST_CATEGORY_CONVERT = 0; INST_CATEGORY_INTEGER = 0; INST_CATEGORY_STORE = 0; ....... ..... etc..
An access violation can occur in the Disasm
function on the following line: TABLE_1[PInst^.Addr^](PInst);
This happens because an invalid address escapes from UnivDisasm.Internal.Common.DecodeJ
.
The access violation in Disasm
causes memory allocated to TInstruction.Mnem
to be leaked.
I can see that addresses used to be tested, but this was then made optional (effectively disabled). I don't have enough background knowledge to say whether or not there's a problem with the way the address is calculated in DecodeJ
.
Testing and setting invalid addresses to nil in DecodeJ
fixes the memory leak, but raises several access violations. This is problematic if you're using UnivDisasm as part of the DebugEngine library, because the debugger will hook a bunch of access violations every time a stacktrace is generated.
00000000007250D0: 48 8B 05 A0 26 05 77
x64dbg show
mov rax, qword ptr [0x77777777]
you show
mov rax,qword [rip 0x770526A0]
How can I display the real address?
USO_SHOW_DST_ADDR cannot control display 'mov' 'lea' the real address
call @00ada72f
to
call @00ADA72F
add esp,0xf0
to
add esp,0xF0
and can you add the display options for the @ symbol?
This looks more align
Thank you!
I'm testing your library and I realized that decoding incorrectly
the following sequence:
Binary in 32 bits
FFE0 JMP EAX
UnivDisasm decoding as Jmp RAX
Thanks so much
Hello,
005B5E96 D1242B SHL DWORD PTR [EBX+EBP],1
005B5E99 D1641D 00 SHL DWORD PTR [EBP+EBX],1
univDisAsm Decoding this instructions with:
shl dword ds:[ebx+ebp],00
shl dword ds:[ebx+ebp+0x00],00
Shr is the same.
Thanks so much ;)
the first_version is only required, if you released a version before adding delphinus. As you have no releases which do not support delphinus, you can remove it.
The file has one additional comma at the end, which must be removed. For easier validating i suggest using
http://jsonlint.com/
for example
used UnivDisasm-master\Examples\Demo1
/* testfun /
0067B508 call @0x401004
0067B50E jmp @0x401004
0067B514 ret
/------------------------------------------------*/
I just need the original instruction
What should I do? thank you!
In addition to this problem:
#10
In X64 pointers are 8-bytes, so the current layout of TInstruction wastes a lot of space.
It'd be better to rearrange the record to waste less memory.
I'll submit a pull request as soon as I'm able to test the changes.
db $48, $A1, $88, $88, $88, $88, $77, $77, $77, $77
Delphi Show
mov rax,[qword $7777777788888888]
x64dbg show
movabs rax, qword ptr [0x7777777788888888]
UnivDisasm show Missing[]
mov rax,0x7777777788888888
55 push ebp
8B EC mov ebp,esp
83 C4 F8 add esp,0xfffffffffffffff8 <-----error
53 push ebx
56 push esi
The previous version does not have this error
Hi iam wondering if its possible to detect opcodes and display output offset as wildcard bytes eg ??
just like PEiD signatures.
I noticed the code:
if (ins.InstID = INST_ID_MOV) and ((ins.Arg1.Reg = REG_EAX) and (ins.Arg2.Flags > 0)) then
so is it possible to change the offsets bytes to ??
then display the opcode bytes ? :)
Currently, only the includefiles are copied. For the source_folder, simply remove the include subdirectory. (Base only states that the base-directory is removed from the targetpath, which means instead of creating the structure Source\Includes at the destination, it will create \Includes)
same goes for the search- and browsing-paths. You told the setup to copy all files relative to the path after Source. The Search- and Browsing-Pathes are relative to the components source-folder. In your case this would result in something like:
\Source\Source
\Source\Source\Include
You can simply remove the source folder from the Search- and Browsing-Pathes
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.