Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Updated 8/14]SharpDisassembler v1.3 - Now assembler too!

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Binaries
View previous topic :: View next topic  
Author Message
Deltron Z
Expert Cheater
Reputation: 1

Joined: 14 Jun 2009
Posts: 164

PostPosted: Sun Jul 31, 2011 9:16 pm    Post subject: [Updated 8/14]SharpDisassembler v1.3 - Now assembler too! Reply with quote

Ah, so finally I designed my disassembler object-oritented style. so much was done and still there is so much to do... but here is what I have so far, after deleting a few hundreds lines of comments with hundreds remaining, I should really clean up the source...

Updates:
  • v1.3:
    -Assembler almost done - need to cleanup and support ModRM.
    -Fixed some bugs in assembler, disassembler and opcodes list.

    What is soon to come (segments a little buggy):



  • v1.3b:
    -Added full 16-bit support.
    -Added full support for 3 operands instructions.
    -Added all integer and string instructions.
    -Added support for all prefixes, expect address-override which seems useless.
    -Fixed all known bugs.
    -Fixed some bad instructions that caused bugs.
    -Better OOP with encapsulation and more efficient and safe.
    -Cleaned some of the code and added some documentation.
    -The assembler looks promising. Smile
    -Using .NET 3.5 again, but supports (slow) .NET 2.0. (recompile if you want)

    Will be released soon.

  • v1.2:
    -Added (almost full) 16-bit support.
    -Added some more instructions.
    -Added support for 3 operands instructions.
    -Added support for all prefixes, expect address-override.
    -Fixed some bugs.
    -Cleaned some of the code.
    -NOW IN COLOR! Very Happy

    Spoiler of what is soon to come (beginning of...):


  • v1.1:
    Still a little messy as before, tons of code in comments and classes with no encapsulation because I wanted to try some stuff quickly and forgot about them... Surprised
    No major changes, BUT - fixed a lot of bugs, handles some prefixes and instructions that doesn't exist or wasn't found (opcode list still lacking a few instructions...) doesn't mess up the diasssembler.
    Nicer output, instructions and operands contain Text property that represents the instructions. to be efficient (when reading thousands of bytes, even though that's still nothing for a computer ;o) it is only created when accessed for the first time, until then it is null. this way you can disassemble a lot and access the Text property only to the few dozens needed that fit the screen.


SharpDisassembler v1.4 will be good enough to use as a library. Cool
(current version still needs some bug fixes and support for 64-bit, support in assembler for 16-bit, FPU instructions and some changes in code design)

Download v1.3:
MediaFire

Current Features:
  • Support most of Intel's integer instructions.
  • Support use of 8- and 32-bit registers.
  • Support for different addressing modes such as [12345], [EAX+08], [EAX+ECX] and even [EDI+ESI*4+876543210].
  • Full support for instructions with up to 2 operands.
  • An Instruction class that represents an instruction.
  • An Operand class that represents an operand - currently register, immediate value or address.


Images:
For the following input:
Code:
74 12 75 74 66 36 33 15 10 32 54 00 66 2E 69 94 D8 56 34 12 00 05 10

SharpDisassembler's Output (v1.2):


OllyDBG's Output:


How does it work?
After reading some of Intel's manual, I have learned that there is more to the assembly language than meets the eye. writing a disassembler might not require (too much) hard-coding after all! there seems to be a better, smarter and more efficient way to do so.

Instructions have specific encoding rules and each instruction's format is defined in Opcodes.cs.

A quick review:
OpcodeEncoding enumeration:
  • None = 0 - no special encoding in the opcode.
  • Size = w, w = 1 - size field. when 0, the size is byte. otherwise, depending on the instruction (for example, 32-bit for 32-bit assembly, 16-bit if a certain prefix is specified and perhaps 16-bit for certain instructions).
  • SignExtent = s, s = 2 - sign extent means that a smaller value will be extended to a larger value. for example, [6A 08] PUSH 08 - the byte 08 will be extended to the double-word 00000008. another way would be to use the instruction [68 08 00 00 00] PUSH 00000008. note: same value as destination (d) field.
  • Destination = d - d = 2, destination field. if 1, the destination and source operands are switched. for example, XOR EAX, ECX can be replaced to XOR ECX, EAX if this bit flipped. note: same value as sign extent (s) field.
  • The others are currently not used.

(for more information, see References)

OpcodeParameter enumeration:

  • DigitX = 0~7 - Similar to ModR/M, but the Reg field in ModR/M byte is actually an opcode extension. it's value should be X and only the Mode and R/M fields will be taken into consideration.
  • ModRM - Specified that a ModR/M byte follows the instruction's opcode.
  • Immediate[X] - An immediate (constant) value. this cannot be the first parameter of a two or three operands instruction (except for OUT, damn Intel and their uncalled for exceptions). if a value (X) is specified explicitly, X-bits are used as an operand. otherwise, size is dependant on the rest of the instruction.
  • Relative[X] - A relative value. this is used for JMPs, for example. JMP instructions specify distance to jump, some disassemblers choose to display the fixed address. the same for X goes as for Immediate values.
  • Accumulator - Using the accumulator register (AL, AX, EAX) explicitly.
  • Counter - Using the counter register (CL, CX, ECX) explicitly.
  • The others are currently not used.

(for more information, see References)

How To:
A static class called "Disassembler" (hopefuly with the ability to assemble too, soon) has a method named "Disassemble" that accepts byte array and an instruction pointer (address of the first byte) which is currently not used (and might not be used at all, eventually - depending on future design) and returns an array of Instruction objects. pretty simple.

A sample project with it's source code and the library's source code is included in the download.

TODO List:
  • Full support for JMPs and CALLs (relative values, 48-bit addresses, etc...)
  • Support prefixes.
  • Support 16- and 64-bit instructions.
  • Full support for 3 operands instructions.
  • Design OOP better.
  • Improve disassembler efficiency and information provided.
  • Handle certain exceptional instructions (most are specified as comments in the code).
  • Support for FPU, MMX and whatever.
  • Fix any bugs and other to-do's written in code as comments.
  • Clean source code from comments and write documentation.
  • Write an assembler too!
  • Support SIB and ModRM in both assembler and disassembler!


*Red - Not done yet.
*Orange - Partially done.
*Green - Done.


References:
Intel Architecture Software Developer's Manual.
Intel x86 Instruction Reference (not written by Intel).
Inspired by OllyDBG and later I discovered Olly's disassembler is open source - and quite similar to mine, but seems to give more detailed information.

I know of a lot of bugs, exceptional instructions, unhandled instructions and many other things missing, but I'd appreciate if you tell me of any bugs you find, especially non-trivial and rare cases.

You are welcome to suggests any improvments.

_________________
SharpDisassembler

"When I find my code in tons of trouble,
Friends and colleagues come to me...
Speaking words of wisdom:
Write in C."


#pragma message("Let there be byte!")


Last edited by Deltron Z on Fri Sep 02, 2011 1:01 pm; edited 24 times in total
Back to top
View user's profile Send private message
Anden100
Grandmaster Cheater
Reputation: 0

Joined: 20 Apr 2007
Posts: 668

PostPosted: Mon Aug 01, 2011 3:44 am    Post subject: Reply with quote

neat Very Happy, kinda a lot better coded that mine Razz, but! i have a UI!

And i didn't even realize that Olly's disassembler was Open Source :O but there it is, right below the Olly download, "Disasm.zip" Smile, tyvm Razz
Back to top
View user's profile Send private message
PunkH4xInd
How do I cheat?
Reputation: 0

Joined: 19 Oct 2016
Posts: 4

PostPosted: Tue Oct 25, 2016 8:46 am    Post subject: Reply with quote

Please update the download link! Sad
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Binaries All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites