|
- #include <stdio.h>
- #include <stdlib.h>
- #include <stdbool.h>
- #include <string.h>
-
- #ifdef WINDOWS
- #include <windows.h>
- #else
- #include <sys/mman.h>
- #endif
-
- #include "udis86.h"
- #include "misc.h"
-
- void* alloc_rwx(size_t size) {
- #ifdef WINDOWS
- return VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWIRTE);
- #else
- return mmap(NULL, size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
- #endif
- }
-
- bool set_rwx(void* addr, size_t size) {
- #ifdef WINDOWS
- DWORD tmp;
- return VirtualProtect(addr, size, PAGE_EXECUTE_READWIRTE, &tmp) == TRUE;
- #else
- return mprotect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC) == 0;
- #endif
- }
-
- void disassemble_func(void* function, size_t numberOfInstr)
- {
- unsigned char* p = function;
- ud_t ud;
-
- ud_init(&ud);
- ud_set_input_buffer(&ud, function,
- (size_t)function | (0x1000 - 1) // Can't read further than page boundary - there be dragons
- );
- ud_set_pc(&ud, (uint64_t)function);
- ud_set_mode(&ud, 64);
- ud_set_syntax(&ud, UD_SYN_INTEL);
-
- for(size_t i = 0; i < numberOfInstr; i++)
- {
- size_t instrLen = 0;
- if(!(instrLen = ud_disassemble(&ud)) || ud.error)
- return;
-
- p += instrLen;
-
- printf("%p %s\n", ud_insn_off(&ud), ud_insn_asm(&ud));
-
- /* jmp qword [rip] is used by the hooking engine
- * x64 relative jumps don't exists so this way is used:
- * jmp qword [rip]
- * address where to tjump to
- * other code
- * Disassembling the address fucks up the dissassembling
- * todo: Follow all jump targets?
- */
- if(strcmp(ud_insn_asm(&ud), "jmp qword [rip]") == 0)
- p += 8;
- }
- }
|
