这篇教程C++ ud_set_mode函数代码示例写得很实用,希望能帮到您。
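// Page introduction: a collection of typical usage examples of the udis86
// ud_set_mode function in C++ (29 examples on the full page, ordered by
// popularity by default).
//
// Example 1: LhDisassembleInstruction
EASYHOOK_NT_INTERNAL LhDisassembleInstruction(void* InPtr, ULONG* length, PSTR buf, LONG buffSize, ULONG64 *nextInstr)
{
/*
Description:

    Takes a pointer to machine code and returns the length and
    ASM code for the referenced instruction.

Parameters:
    InPtr      Address of the instruction to decode.
    length     Receives the decoded instruction length in bytes (0 on failure).
    buf        Receives the Intel-syntax text of the instruction.
    buffSize   Size of buf in bytes.
    nextInstr  Receives InPtr plus the decoded length.

Returns:
    STATUS_SUCCESS
        An instruction was decoded.
    STATUS_INVALID_PARAMETER
        The given pointer references invalid machine code.
*/
    // Some exotic instructions might not be supported; see the project
    // at https://github.com/vmt/udis86.
    ud_t ud_obj;
    ud_init(&ud_obj);
#ifdef _M_X64
    ud_set_mode(&ud_obj, 64);
#else
    ud_set_mode(&ud_obj, 32);
#endif
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);
    ud_set_asm_buffer(&ud_obj, buf, buffSize);
    // NOTE(review): the decoder may consume up to 32 bytes starting at InPtr;
    // nothing here checks that this many bytes are readable -- confirm that
    // callers only pass addresses inside mapped code.
    ud_set_input_buffer(&ud_obj, (uint8_t *)InPtr, 32);

    *length = ud_disassemble(&ud_obj);
    *nextInstr = (ULONG64)InPtr + *length;

    // Test the decoded length, not the pointer: the original compared
    // `length` itself with 0, so a failed decode was still reported as success.
    if (*length > 0)
        return STATUS_SUCCESS;
    return STATUS_INVALID_PARAMETER;
}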
开发者ID:ezhangle,项目名称:Easyhook,代码行数:35,
// Example 2: ud_init
/// Walks the code buffer described by pinfo and, for every instruction whose
/// offset equals the next pending entry of _addra, records offset -> label
/// index in _map. Entries of _addra are consumed in order.
void Analysis::set_label_address(pCodeBufferInfo pinfo,
                                 AddressArray & _addra,
                                 std::map<long,int> & _map)
{
    ud_t decoder;
    ud_init(&decoder);
#ifdef PROTECT_X64
    ud_set_mode(&decoder, 64);
#else
    ud_set_mode(&decoder, 32);
#endif
    ud_set_pc(&decoder, pinfo->addr);
    ud_set_input_buffer(&decoder, (uint8_t*)pinfo->buf, pinfo->size);
    ud_set_syntax(&decoder, UD_SYN_INTEL);

    int next_label = 0;
    for (;;)
    {
        if (ud_disassemble(&decoder) == 0)
            break;

        // NOTE(review): next_label is never compared with the number of
        // entries in _addra, so once every label has been matched the index
        // runs past the last entry -- confirm how AddressArray handles that.
        //
        // The original also carried a disabled diagnostic for the case
        // insn_offset > _addra[next_label] ("the current address cannot be
        // greater than the branch address"); it had no effect.
        if (decoder.insn_offset == _addra[next_label])
        {
            _map.emplace(decoder.insn_offset, next_label);
            ++next_label;
        }
    }
}
开发者ID:Kernal-GH,项目名称:wprotect-2,代码行数:33,
// Example 3: LhGetInstructionLength
EASYHOOK_NT_INTERNAL LhGetInstructionLength(void* InPtr)
{
/*
Description:

    Takes a pointer to machine code and returns the length of the
    referenced instruction in bytes.

Returns:
    The instruction length when decoding succeeds, otherwise
    STATUS_INVALID_PARAMETER
        The given pointer references invalid machine code.
*/
    // Some exotic instructions might not be supported; see the project
    // at https://github.com/vmt/udis86 and the forums.
    ud_t decoder;
    ud_init(&decoder);
#ifdef _M_X64
    ud_set_mode(&decoder, 64);
#else
    ud_set_mode(&decoder, 32);
#endif
    // NOTE(review): up to 32 bytes from InPtr are offered to the decoder
    // without any check that they are readable -- confirm against callers.
    ud_set_input_buffer(&decoder, (uint8_t *)InPtr, 32);

    // Usually only between 1 and 5.
    const LONG decoded = ud_disassemble(&decoder);
    return (decoded > 0) ? decoded : STATUS_INVALID_PARAMETER;
}
开发者ID:ezhangle,项目名称:Easyhook,代码行数:32,
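// Example 4: HookEngine_Disassemble
/**
    HookEngine_Disassemble

    Obtain the minimum number of instruction bytes that need to be copied
    from the target function, in order to accommodate our jump instruction.

    @param cbRequired              Number of bytes the jump needs.
    @param pTargetFunctionAddress  Start of the function being examined.
    @param DisassemblyData         Receives the decoded instructions, their
                                   lengths and a copy of their bytes.
    @return Number of bytes covered by whole instructions. A value below
            cbRequired means decoding stopped early (decode failure, or the
            record/byte buffers were full) and must be treated as failure.
*/
static DWORD HookEngine_Disassemble(DWORD cbRequired, LPVOID pTargetFunctionAddress, DISASSEMBLY_DATA& DisassemblyData )
{
    CONST SIZE_T Page = 4096;

    ud_t ud_obj = { 0 };
    ud_init(&ud_obj);
#if defined(_M_IX86)
    ud_set_mode(&ud_obj, 32);
#elif defined(_M_X64)
    ud_set_mode(&ud_obj, 64);
#else
#error Unsuported platform
#endif
    ud_set_pc(&ud_obj, uint64_t(pTargetFunctionAddress));
    ud_set_vendor(&ud_obj, UD_VENDOR_INTEL);
    ud_set_input_buffer(&ud_obj, (unsigned char*)pTargetFunctionAddress, Page);

    DWORD instrlen = 0;
    DisassemblyData.Count = 0;
    DisassemblyData.Length = 0;
    HookEngine_Memset(DisassemblyData.Instructions, 0, sizeof(DisassemblyData.Instructions));
    HookEngine_Memset(DisassemblyData.InstuctionBuffer, 0, sizeof(DisassemblyData.InstuctionBuffer));
    HookEngine_Memset(DisassemblyData.InstructionLengths, 0, sizeof(DisassemblyData.InstructionLengths));

    do
    {
        instrlen = ud_disassemble(&ud_obj);
        if (instrlen == 0)
        {
            break;
        }

        // Stop as soon as an instruction does not fit. The original kept
        // looping here: the decoder moved on while Length stayed put, so a
        // later, shorter instruction could be recorded with bytes copied
        // from the wrong offset of the target function.
        if ((DisassemblyData.Length + instrlen) >= MAX_INSTRUCTION_BUFFER)
        {
            break;
        }

        DisassemblyData.Instructions[DisassemblyData.Count] = ud_obj;
        DisassemblyData.InstructionLengths[DisassemblyData.Count] = instrlen;
        DisassemblyData.Count++;

        HookEngine_Memcpy(&DisassemblyData.InstuctionBuffer[DisassemblyData.Length],
                          ((BYTE*)pTargetFunctionAddress) + DisassemblyData.Length,
                          instrlen);
        DisassemblyData.Length += instrlen;
    } while (DisassemblyData.Length < cbRequired &&
             DisassemblyData.Count < MAX_INSTRUCTIONS);

    return DisassemblyData.Length;
}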
开发者ID:nettitude,项目名称:InlineFunctionHooking,代码行数:54,
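/* Example 5: sizeof */
/*
 * The listing starts inside a helper whose signature is not shown on the
 * page; its visible tail is kept unchanged.
 */
    /*
     * len must be aligned to the sizeof(long)
     */
    int cnt = len / sizeof(long);
    size_t memsz = 0;

    for (int x = 0; x < cnt; x++) {
        uint8_t *addr = (uint8_t *) pc + (int)(x * sizeof(long));
        long ret = ptrace(PT_READ_D, pid, addr, NULL);

        if (errno != 0) {
            LOGMSG_P(l_WARN, "Couldn't PT_READ_D on pid %d, addr: %p", pid, addr);
            break;
        }

        memsz += sizeof(long);
        memcpy(&buf[x * sizeof(long)], &ret, sizeof(long));
    }

    return memsz;
}

#if defined(__i386__) || defined(__x86_64__)

#ifndef MAX_OP_STRING
#define MAX_OP_STRING 32
#endif                          /* MAX_OP_STRING */

/*
 * Reads the bytes at pc from the traced process, disassembles the first
 * instruction and stores a sanitised copy of its text in instr.
 *
 * pid    traced process
 * instr  output buffer of at least MAX_OP_STRING bytes
 * pc     address of the instruction in the traced process
 *
 * When the memory cannot be read, instr is set to "[NOT_MMAPED]". When the
 * bytes cannot be disassembled, instr is left as the caller passed it.
 */
static void arch_getX86InstrStr(pid_t pid, char *instr, void *pc)
{
    /*
     * MAX_INSN_LENGTH is actually 15, but we need a value aligned to 8
     * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;)
     */
    uint8_t buf[16];
    size_t memsz;

    if ((memsz = arch_getProcMem(pid, buf, sizeof(buf), pc)) == 0) {
        snprintf(instr, MAX_OP_STRING, "%s", "[NOT_MMAPED]");
        return;
    }

    ud_t ud_obj;
    ud_init(&ud_obj);
    /* NOTE(review): 64-bit mode is used even when built for __i386__ -- confirm. */
    ud_set_mode(&ud_obj, 64);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);
    ud_set_pc(&ud_obj, (uint64_t) (long)pc);
    ud_set_input_buffer(&ud_obj, buf, memsz);
    if (!ud_disassemble(&ud_obj)) {
        LOGMSG(l_WARN, "Couldn't disassemble the x86/x86-64 instruction stream");
        return;
    }

    snprintf(instr, MAX_OP_STRING, "%s", ud_insn_asm(&ud_obj));

    /*
     * Replace path separators, whitespace and non-printable bytes with '_'.
     * The page had turned the backslash literal into '//'; it is restored
     * here. The byte is widened through unsigned char because passing a
     * negative char to isspace()/isprint() is undefined, and the bound is
     * tested before the byte is read.
     */
    for (int x = 0; x < MAX_OP_STRING && instr[x]; x++) {
        const unsigned char ch = (unsigned char)instr[x];
        if (ch == '/' || ch == '\\' || isspace(ch) || !isprint(ch)) {
            instr[x] = '_';
        }
    }
}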
开发者ID:Berrrry,项目名称:honggfuzz-android,代码行数:57,
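// Example 6: ud_init
/// Decodes the 32-bit x86 code in native[0, nativeSize) one instruction at a
/// time and copies the decoded fields (mnemonic XORed with MNE_XOR, operands,
/// prefixes) into a NhoInstr.
///
/// @param native      code bytes to decode
/// @param nativeSize  number of bytes in native
/// @param nhos        output vector -- see the note at the end of the loop
void Translator::Translate(uchar* native, int nativeSize, std::vector<NhoInstr>* nhos)
{
    int c = 0;

    ud_t dis;
    ud_init(&dis);
    ud_set_mode(&dis, 32);
    ud_set_syntax(&dis, UD_SYN_INTEL);

    NhoInstr nho;

    while (c < nativeSize)
    {
        // Offer the decoder at most one maximum-length instruction, and never
        // more than what is left in the buffer.
        const int remaining = nativeSize - c;
        ud_set_input_buffer(&dis, &native[c],
            remaining >= MAX_INSN_LENGTH ? MAX_INSN_LENGTH : remaining);

        // A zero length would leave c unchanged and spin forever, so stop.
        const unsigned int decoded = ud_disassemble(&dis);
        if (decoded == 0)
            break;
        c += static_cast<int>(decoded);

        nho.mnemonic = dis.mnemonic ^ MNE_XOR;
        memcpy(&nho.operands, &dis.operand, sizeof(nho.operands));
        nho.pfx_adr = dis.pfx_adr;
        nho.pfx_lock = dis.pfx_lock;
        nho.pfx_opr = dis.pfx_opr;
        nho.pfx_rep = dis.pfx_rep;
        nho.pfx_repe = dis.pfx_repe;
        nho.pfx_repne = dis.pfx_repne;
        nho.pfx_rex = dis.pfx_rex;
        nho.pfx_seg = dis.pfx_seg;
        nho.pfx_str = dis.pfx_str;

        // NOTE(review): nho is filled in but never appended to *nhos in the
        // code shown, so the caller receives nothing -- confirm whether a
        // push_back is missing from this listing.
    }
}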
开发者ID:condabmt,项目名称:NhoVirtualizer,代码行数:26,
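// Example 7: isValidPreOpCode
/// Disassembles buffer[0, nsize) as 64-bit code and reports whether the last
/// instruction decoded is `ret`, `nop` or `int3`.
///
/// @param buffer  bytes preceding the location of interest
/// @param nsize   number of bytes in buffer
/// @return true when the last decoded instruction is one of the three above;
///         false otherwise, including when nothing could be decoded.
BOOL isValidPreOpCode(BYTE *buffer, UINT nsize)
{
    ud_t ud_obj;
    ud_init(&ud_obj);
    ud_set_input_buffer(&ud_obj, buffer, nsize);
    ud_set_mode(&ud_obj, 64);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);

    // Snapshot of the decoder after each successful instruction; once the
    // loop ends, ud_obj itself describes the failed final attempt.
    ud_t last_insn;
    bool decoded_any = false;
    while (ud_disassemble(&ud_obj))
    {
        last_insn = ud_obj;
        decoded_any = true;
    }

    // With an empty buffer the snapshot was never written; the original went
    // on to read it uninitialised.
    if (!decoded_any)
        return false;

    const char *str = ud_insn_asm(&last_insn);
    // The trailing space is part of the text being matched.
    if (!_stricmp(str, "ret "))
        return true;
    if (!_stricmp(str, "nop "))
        return true;
    if (!_stricmp(str, "int3 "))
        return true;

    return false;
}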
开发者ID:aeppert,项目名称:vtbl-ida-pro-plugin,代码行数:27,
// Example 8: new
/// Resets the disassembler to decode codeSize bytes at code, reported as if
/// they were located at address.
///
/// @return B_OK on success, B_NO_MEMORY when the decoder state cannot be
///         allocated.
status_t
DisassemblerX8664::Init(target_addr_t address, const void* code, size_t codeSize)
{
	// Discard the previous decoder state first.
	delete fUdisData;
	fUdisData = NULL;

	// Allocate the replacement without throwing.
	UdisData* const freshState = new(std::nothrow) UdisData;
	fUdisData = freshState;
	if (freshState == NULL)
		return B_NO_MEMORY;

	fAddress = address;
	fCode = (const uint8*)code;
	fCodeSize = codeSize;

	// Configure udis86: 64-bit mode, AT&T syntax, buffer and program counter.
	// NOTE(review): the buffer arrives as const and the cast below removes
	// that; the decoder is presumably read-only on it -- confirm.
	ud_init(freshState);
	ud_set_input_buffer(freshState, (unsigned char*)fCode, fCodeSize);
	ud_set_mode(freshState, 64);
	ud_set_pc(freshState, (uint64_t)fAddress);
	ud_set_syntax(freshState, UD_SYN_ATT);
	ud_set_vendor(freshState, UD_VENDOR_INTEL);
		// TODO: Set the correct vendor!

	return B_OK;
}
开发者ID:AmirAbrams,项目名称:haiku,代码行数:27,
/* Example 9: disassemble */
/*
 * Decodes one instruction from buf and stores its text and size in op.
 * Returns the instruction size, or 0 when decoding fails or the text
 * contains "invalid". The decoder and the last syntax applied are kept in
 * function-local statics shared by every call.
 */
static int disassemble(RAsm *a, RAsmOp *op, const ut8 *buf, int len) {
	static ud_t decoder = {0};
	static int last_syntax = 0;
	int size;

	/* dis_mode is still zero before the first ud_init() */
	if (!decoder.dis_mode)
		ud_init (&decoder);

	/* only touch the syntax when the requested one changed */
	if (last_syntax != a->syntax) {
		if (a->syntax == R_ASM_SYNTAX_ATT)
			ud_set_syntax (&decoder, UD_SYN_ATT);
		else
			ud_set_syntax (&decoder, UD_SYN_INTEL);
		last_syntax = a->syntax;
	}

	ud_set_input_buffer (&decoder, (uint8_t*) buf, len);
	ud_set_pc (&decoder, a->pc);
	ud_set_mode (&decoder, a->bits);
	size = ud_disassemble (&decoder);

	/* bounded copy, terminated explicitly */
	strncpy (op->buf_asm, ud_insn_asm (&decoder), R_ASM_BUFSIZE-1);
	op->buf_asm[R_ASM_BUFSIZE-1] = 0;

	if (size<1 || strstr (op->buf_asm, "invalid"))
		size = 0;
	op->size = size;

	/* JZ syntax: rewrite the je/jne mnemonics in place as jz/jnz */
	if (a->syntax == R_ASM_SYNTAX_JZ) {
		if (strncmp (op->buf_asm, "je ", 3) == 0) {
			memcpy (op->buf_asm, "jz", 2);
		} else if (strncmp (op->buf_asm, "jne ", 4) == 0) {
			memcpy (op->buf_asm, "jnz", 3);
		}
	}
	return size;
}
开发者ID:0x2F,项目名称:radare2,代码行数:29,
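// Example 10: PredictBlockEnd
/*
 * Pre-read analysis stage, run while the regions are being partitioned:
 * decides where data ends and code begins.
 * Returns TRUE for a pure data region, FALSE otherwise.
 *
 * pMem, ImageBase      passed through to DeepAnalyzeBlock
 * pCurr, iSize         bytes to scan
 * piOutSize            receives the number of bytes decoded before the
 *                      scan stopped
 * pAnalyzeConfigure    analysis settings (bCodeMixSize is read here)
 *
 * The page had turned the line-continuation backslashes of the original
 * into stray '/' tokens; they are removed here so the listing parses again.
 */
__INLINE__ __bool __INTERNAL_FUNC__ PredictBlockEnd(__memory pMem, __address ImageBase, __memory pCurr, __integer iSize,
													__integer *piOutSize, PANALYZE_CONFIGURE pAnalyzeConfigure) {
	__bool bBlock = FALSE;
	__offset ofOffset = 0;
	ud_t ud_obj;
	ud_init(&ud_obj);
	ud_set_mode(&ud_obj, 32);
	ud_set_syntax(&ud_obj, UD_SYN_INTEL);
	ud_set_input_buffer(&ud_obj, pCurr, iSize);
	while (ud_disassemble(&ud_obj)) {
		enum ud_mnemonic_code mnemonic = ud_obj.mnemonic;
		// End markers: nop, int3, or a two-byte add whose encoding is 00 00.
		if ((mnemonic == UD_Inop) ||
			(mnemonic == UD_Iint3) ||
			((mnemonic == UD_Iadd) && (ud_obj.inp_ctr == 2) && (*(__word *)&(ud_obj.inp_sess) == 0))) {
			/*
			 * End condition reached.
			 * Check whether the user-defined minimum code size has been
			 * reached; if not, treat the block as data. If the size is
			 * greater than or equal to it, go on to the deep analysis.
			 */
			if (ofOffset < pAnalyzeConfigure->bCodeMixSize)
				bBlock = TRUE;
			else
				// Enter the deep analysis.
				bBlock = DeepAnalyzeBlock(pMem, ImageBase, pCurr, ofOffset, pAnalyzeConfigure);
			*piOutSize = (__integer)ofOffset;
			return bBlock;
		}/* end if */
		ofOffset += (__integer)ud_insn_len(&ud_obj);
	}

	// No end marker was found: run the deep check on the whole range.
	bBlock = DeepAnalyzeBlock(pMem, ImageBase, pCurr, iSize, pAnalyzeConfigure);
	*piOutSize = (__integer)ofOffset;
	return bBlock;
}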
开发者ID:453483289,项目名称:cerberus,代码行数:39,
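/* Example 11: main */
/*
 * CGI program: decodes a QUERY_STRING made of %XX escapes into raw bytes
 * (at most sizeof(buff)) and prints their 32-bit disassembly, one
 * "hex: text" line per instruction.
 *
 * Returns 1 when QUERY_STRING is not set, 0 otherwise.
 *
 * The escapes "\r\n", "\n" and '\0' are restored below; the page had turned
 * every backslash into a forward slash.
 */
int main(void)
{
    ud_t ud_obj;
    char x[4];
    unsigned char buff[256];
    int i, j;

    printf("Content-Type: text/html\r\n");
    printf("\r\n");

    char *qs = getenv("QUERY_STRING");
    if(qs == NULL)
        return 1;

    for(i=0, j=0; qs[i] == '%'; i+=3, j++){
        if(j >= (int)sizeof(buff))
            break;
        /*
         * The query string is supplied by the client: stop on a truncated
         * escape ("%" or "%A" at the very end) instead of reading the two
         * digits from beyond the terminating NUL.
         */
        if(qs[i+1] == '\0' || qs[i+2] == '\0')
            break;
        x[0] = *(qs+i+1);
        x[1] = *(qs+i+2);
        x[2] = '\0';
        buff[j] = (unsigned char)strtoul(x, NULL, 16);
    }

    ud_init(&ud_obj);
    ud_set_input_buffer(&ud_obj, buff, j);
    ud_set_mode(&ud_obj, 32);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);

    while(ud_disassemble(&ud_obj)){
        printf("%10s: %s\n", ud_insn_hex(&ud_obj), ud_insn_asm(&ud_obj));
    }

    return 0;
}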
开发者ID:2016Sun,项目名称:binarybook,代码行数:35,
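/* Example 12: x86_epilogue */
/*
 * Decodes whole 64-bit instructions from code until at least `require`
 * bytes are covered, storing each instruction's length in
 * x86_prologue->instr[] and printing its text.
 *
 * code          start of the machine code; up to 64 bytes are offered to
 *               the decoder
 * require       number of bytes that must be covered
 * x86_prologue  receives the per-instruction sizes
 *
 * Returns 0 on success, -1 when an instruction cannot be decoded before
 * `require` bytes are covered.
 */
int
x86_epilogue(u8 *code, u16 require, struct x86_prologue *x86_prologue)
{
	ud_t obj;
	ud_init(&obj);
	ud_set_mode(&obj, 64);
	ud_set_input_buffer(&obj, code, 64);

	/*
	 * Count down in a signed int. The original subtracted from the unsigned
	 * 16-bit parameter, so an instruction that overshot the requirement
	 * wrapped the counter round instead of ending the loop; decoding then
	 * continued, writing further instr[] entries, until the input ran out
	 * and -1 was returned.
	 */
	int remaining = require;

	/*
	 * NOTE(review): the capacity of x86_prologue->instr is not visible here
	 * and index is never checked against it -- confirm it can hold one entry
	 * per decoded instruction (at most 64, given the input buffer size).
	 */
	for (int index = 0; remaining > 0; index++) {
		if (!ud_disassemble(&obj))
			return -1;

		int len = ud_insn_len(&obj);
		remaining -= len;

		x86_prologue->instr[index].size = len;
		printf("asm: %s\n", ud_insn_asm(&obj));
	}

	return 0;
}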
开发者ID:n13l,项目名称:kbuild,代码行数:27,
// Example 13: sizeof
/// Resets the embedded udis86 object for the given mode, selects Intel
/// syntax and picks the CPU vendor from the debugger's processor
/// identification data (UD_VENDOR_ANY when that data is unavailable or the
/// machine is neither x86 nor AMD64).
void WDbgArkUdis::Init(const unsigned __int8 mode) {
    std::memset(&m_udis_obj, 0, sizeof(m_udis_obj));
    ud_init(&m_udis_obj);
    ud_set_mode(&m_udis_obj, mode);
    ud_set_syntax(&m_udis_obj, UD_SYN_INTEL);

    DEBUG_PROCESSOR_IDENTIFICATION_ALL processor_info;
    const HRESULT result = g_Ext->m_Data->ReadProcessorSystemData(
        0,
        DEBUG_DATA_PROCESSOR_IDENTIFICATION,
        &processor_info,
        static_cast<unsigned __int32>(sizeof(processor_info)),
        nullptr);

    unsigned __int32 vendor = UD_VENDOR_ANY;

    // processor_info is only meaningful when the read succeeded.
    if ( SUCCEEDED(result) ) {
        const bool is_x86 = (g_Ext->m_ActualMachine == IMAGE_FILE_MACHINE_I386);
        const bool is_amd64 = (g_Ext->m_ActualMachine == IMAGE_FILE_MACHINE_AMD64);

        if ( is_x86 || is_amd64 ) {
            // NOTE(review): assumes VendorString is NUL-terminated -- confirm;
            // std::string reads up to the first NUL it finds.
            std::string vendor_string;
            if ( is_x86 )
                vendor_string = processor_info.X86.VendorString;
            else
                vendor_string = processor_info.Amd64.VendorString;

            // Anything other than "GenuineIntel" is treated as AMD.
            if ( vendor_string == "GenuineIntel" )
                vendor = UD_VENDOR_INTEL;
            else
                vendor = UD_VENDOR_AMD;
        }
    }

    ud_set_vendor(&m_udis_obj, vendor);
}
开发者ID:killbug2004,项目名称:wdbgark,代码行数:32,
// Example 14: ud_init
/// Walks the 32-bit code described by info instruction by instruction. In
/// the code shown the per-mnemonic handling is still empty, so nothing is
/// rewritten yet.
///
/// NOTE(review): the function is declared to return pCodeInformation but
/// has no return statement; a caller that uses the result gets undefined
/// behaviour. The intended value is not visible here -- confirm and add it.
pCodeInformation EquivalentInstruct::code_equivalent_replacement(pCodeInformation info,unsigned long imagebase)
{
    ud_t decoder;
    ud_init(&decoder);
    ud_set_mode(&decoder, 32);
    ud_set_pc(&decoder, info->base);
    ud_set_input_buffer(&decoder, info->buf, info->size);
    ud_set_syntax(&decoder, UD_SYN_INTEL);

    while (ud_disassemble(&decoder))
    {
        switch (decoder.mnemonic)
        {
        case UD_Imov:
            // dword_ptr() -- placeholder, no replacement implemented
            break;
        case UD_NONE:
            break;
        }
    }
}
开发者ID:601040605,项目名称:WProtect,代码行数:26,
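/* Example 15: x86_udis86_op */
/*
 * Decodes one instruction from data and fills op with its address, length,
 * coarse type and, for branches, the jump and fall-through targets.
 *
 * anal  analysis context (bits selects the decoding mode)
 * op    cleared, then filled in
 * addr  address the bytes are assumed to live at
 * data  instruction bytes
 * len   number of bytes available in data
 *
 * Returns the length of the decoded instruction.
 */
int x86_udis86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len) {
	int oplen;
	struct ud u;
	ud_init (&u);
	ud_set_pc (&u, addr);
	ud_set_mode (&u, anal->bits);
	/* no text output is needed, so no syntax translator is installed */
	ud_set_syntax (&u, NULL);
	ud_set_input_buffer (&u, data, len);
	/* NOTE(review): the result is ignored; a failed decode is not reported */
	ud_disassemble (&u);
	/*
	 * Zero the whole record. The page showed the fill byte as '/0', a
	 * mangled '\0'; taken literally that is a multi-character constant and
	 * would not fill with zero bytes.
	 */
	memset (op, '\0', sizeof (RAnalOp));
	op->addr = addr;
	op->jump = op->fail = -1;
	op->ref = op->value = -1;
	oplen = op->length = ud_insn_len (&u);
	switch (u.mnemonic) {
	case UD_Ijmp:
		op->type = R_ANAL_OP_TYPE_JMP;
		op->jump = addr + oplen + getval (&u.operand[0]);
		break;
	case UD_Ijz:
	case UD_Ijnz:
	case UD_Ijb:
	case UD_Ijbe:
	case UD_Ija:
	case UD_Ijs:
	case UD_Ijns:
	case UD_Ijo:
	case UD_Ijno:
	case UD_Ijp:
	case UD_Ijnp:
	case UD_Ijl:
	case UD_Ijge:
	case UD_Ijle:
	case UD_Ijg:
	case UD_Ijcxz:
		op->type = R_ANAL_OP_TYPE_CJMP;
		op->jump = addr + oplen + getval (&u.operand[0]);
		op->fail = addr+oplen;
		break;
	case UD_Icall:
		op->type = R_ANAL_OP_TYPE_CALL;
		/*
		 * Same formula as the jump cases above: the original left out
		 * addr here, so the call target was an offset rather than an
		 * address.
		 */
		op->jump = addr + oplen + getval (&u.operand[0]);
		op->fail = addr+oplen;
		break;
	case UD_Iret:
	case UD_Iretf:
	case UD_Isysret:
		op->type = R_ANAL_OP_TYPE_RET;
		break;
	case UD_Isyscall:
		op->type = R_ANAL_OP_TYPE_SWI;
		break;
	case UD_Inop:
		op->type = R_ANAL_OP_TYPE_NOP;
		break;
	default:
		break;
	}
	return oplen;
}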
开发者ID:Missuniverse110,项目名称:radare2,代码行数:60,
// Example 16: DisassembleEp
/// Prints the disassembly of up to ten instructions at a PE file's entry
/// point, and raises a warning for the current file when decoding fails.
///
/// @param process  process the image is read from
/// @param pe_file  PE file being inspected
/// @param ep_rva   entry point RVA, used to compute the displayed address
/// @param ep_va    entry point address to read from; nothing is done when null
/// @param tabs     indentation passed through to the writer
void DisassembleEp(hadesmem::Process const& process,
                   hadesmem::PeFile const& pe_file,
                   std::uintptr_t ep_rva,
                   void* ep_va,
                   std::size_t tabs)
{
  if (ep_va == nullptr)
  {
    return;
  }

  std::wostream& out = GetOutputStreamW();

  // Read no more than what ten maximum-length instructions could occupy,
  // and never past the end of the file.
  std::size_t const kMaxInstructions = 10U;
  std::size_t const kMaxInstructionLen = 15U;
  std::size_t const kMaxInstructionsBytes =
    kMaxInstructions * kMaxInstructionLen;
  std::size_t const bytes_to_eof = GetBytesToEndOfFile(pe_file, ep_va);
  std::size_t const max_buffer_size =
    (std::min)(bytes_to_eof, kMaxInstructionsBytes);

  auto const disasm_buf =
    hadesmem::ReadVector<std::uint8_t>(process, ep_va, max_buffer_size);
  std::uint64_t const ip = hadesmem::GetRuntimeBase(process, pe_file) + ep_rva;

  ud_t ud_obj;
  ud_init(&ud_obj);
  ud_set_input_buffer(&ud_obj, disasm_buf.data(), max_buffer_size);
  ud_set_syntax(&ud_obj, UD_SYN_INTEL);
  ud_set_pc(&ud_obj, ip);
  ud_set_mode(&ud_obj, pe_file.Is64() ? 64 : 32);

  // Be pessimistic: decode only as many instructions as are guaranteed to
  // fit in the buffer even if each one had the maximum length.
  std::size_t const instruction_count = max_buffer_size / kMaxInstructionLen;
  std::size_t i = 0U;
  while (i < instruction_count)
  {
    std::uint32_t const len = ud_disassemble(&ud_obj);
    if (len == 0)
    {
      WriteNormal(out, L"WARNING! Disassembly failed.", tabs);
      // If we can't disassemble at least 5 instructions there's probably
      // something strange about the function. Even in the case of a nullsub
      // there is typically some INT3 or NOP padding after it...
      if (i < 5U)
      {
        WarnForCurrentFile(WarningType::kUnsupported);
      }
      else
      {
        WarnForCurrentFile(WarningType::kSuspicious);
      }
      break;
    }

    char const* const asm_str = ud_insn_asm(&ud_obj);
    HADESMEM_DETAIL_ASSERT(asm_str);
    char const* const asm_bytes_str = ud_insn_hex(&ud_obj);
    HADESMEM_DETAIL_ASSERT(asm_bytes_str);

    // "<text> (<hex bytes>)"
    auto const disasm_line =
      hadesmem::detail::MultiByteToWideChar(asm_str) + L" (" +
      hadesmem::detail::MultiByteToWideChar(asm_bytes_str) + L")";
    WriteNormal(out, disasm_line, tabs);

    ++i;
  }
}
开发者ID:GliderPro,项目名称:hadesmem,代码行数:59,
// Example 17: LoadLibrary
/// Scans the code buffer for instructions of the form
/// `jmp [addr_table + reg]` and collects candidate table addresses: for each
/// of the first two operands that is a memory operand with a 32-bit
/// displacement, the displacement is appended to addr_entry_table when it
/// lies within [addr_min, addr_max].
///
/// (The original also carried a commented-out Windows LoadLibrary snippet
/// at the top of the body; it had no effect.)
void Analysis::analysis_address_table(pCodeBufferInfo pinfo,
                                      std::vector<long> & addr_entry_table,
                                      long addr_min,
                                      long addr_max)
{
    ud_t decoder;
    ud_init(&decoder);
#ifdef PROTECT_X64
    ud_set_mode(&decoder, 64);
#else
    ud_set_mode(&decoder, 32);
#endif
    ud_set_pc(&decoder, pinfo->addr);
    ud_set_input_buffer(&decoder, (uint8_t*)pinfo->buf, pinfo->size);
    ud_set_syntax(&decoder, UD_SYN_INTEL);

    while (ud_disassemble(&decoder) != 0)
    {
        // Operand 0 first, then operand 1, as in the original.
        for (int idx = 0; idx < 2; ++idx)
        {
            const struct ud_operand & operand = decoder.operand[idx];
            if (operand.type != UD_OP_MEM)
                continue;
            // offset holds the displacement width in bits
            if (operand.offset != 32)
                continue;

            const long addr = operand.lval.sdword;
            if (addr >= addr_min && addr <= addr_max)
                addr_entry_table.push_back(addr);
        }
    }
}
开发者ID:Kernal-GH,项目名称:wprotect-2,代码行数:46,
示例18: elf32_label_addressstruct _label * elf32_label_address (struct _elf32 * elf32, struct _map * memory, uint64_t address){ Elf32_Shdr * plt_shdr = elf32_shdr_by_name(elf32, ".plt"); uint64_t plt_bottom; uint64_t plt_top; if (plt_shdr == NULL) { plt_bottom = -1; plt_top = -1; } else { plt_bottom = plt_shdr->sh_addr; plt_top = plt_bottom + plt_shdr->sh_size; } // plt functions are a special case, as we try to identify their targets // in the got // address is within the plt if ( (address >= plt_bottom) && (address < plt_top)) { // disassemble instruction uint8_t * data = &(elf32->data[address - elf32_base_address(elf32)]); ud_t ud_obj; ud_init(&ud_obj); ud_set_mode (&ud_obj, 32); ud_set_input_buffer(&ud_obj, data, 0x20); ud_disassemble(&ud_obj); if ( (ud_obj.mnemonic == UD_Ijmp) && (udis86_sign_extend_lval(&(ud_obj.operand[0])) != -1)) { uint64_t target = udis86_sign_extend_lval(&(ud_obj.operand[0])); const char * name = elf32_rel_name_by_address(elf32, target); if (name != NULL) { char plttmp[256]; snprintf(plttmp, 256, "%[email C++ udata_close函数代码示例 C++ ucs_status_string函数代码示例