文件名称:Hacker Disassembler Engine
介绍说明--下载内容均来自于网络,请自行研究使用
Please excuse my english... It's so bad :)
Hacker Disassembler Engine, or HDE, is small disassembler engine, which intend to
code analyse. HDE get length of command, prefixes, ModR/M and SIB bytes, opcode,
immediate, displacement, relative address, etc. For example, you can use HDE when
writing unpackers or decryptors executable files, because more others disassemblers
too big, get only disasm listing and aren't intended for code analys, but more simple
length disassemblers usually get too little info. HDE get enough info to analyse, but
it has very small size. HDE package include DLL, objects, headers files and and source.
+ support MMX, SSE, SSE2, SSE3, 3DNow! instructions
+ high-speed & small size (coded in assembler ;)
+ compatibility with most coding language
To disassemble should call hde_disasm function:
DWORD hde_disasm(
void *pCode // pointer to code
HDE_STRUCT *pHDE_STRUCT // pointer to structure HDE_STRUCT
);
Function return length of command and fill structure HDE_STRUCT:
struct HDE_STRUCT
{
BYTE len; // length of command
BYTE p_rep; // rep/repnz/.. prefix: 0xF2 or 0xF3
BYTE p_lock; // lock prefix 0xF0
BYTE p_seg; // segment prefix: 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65
BYTE p_66; // prefix 0x66
BYTE p_67; // prefix 0x67
BYTE opcode; // opcode
BYTE opcode2; // second opcode, if first opcode equal 0x0F
BYTE modrm; // ModR/M byte
BYTE modrm_mod; // - mod byte of ModR/M
BYTE modrm_reg; // - reg byte of ModR/M
BYTE modrm_rm; // - r/m byte of ModR/M
BYTE sib; // SIB byte
BYTE sib_scale; // - scale (ss) byte of SIB
BYTE sib_index; // - index byte of SIB
BYTE sib_base; // - base byte of SIB
BYTE imm8; // immediate imm8
WORD imm16; // immediate imm16
DWORD imm32; // immediate imm32
BYTE disp8; // displacement disp8
WORD disp16; // displacement disp16, if prefix 0x67 exist
DWORD disp32; // displacement disp32
BYTE rel8; // relative address rel8
WORD rel16; // relative address rel16, if prefix 0x66 exist
DWORD rel32; // relative address rel32
};
Opcode and len fields always exist, others are optional and depend of command. If
field's value equal zero, then it isn't existing.
Note: HDE work only with 32-bit commands of x86 processors !
Hacker Disassembler Engine, or HDE, is small disassembler engine, which intend to
code analyse. HDE get length of command, prefixes, ModR/M and SIB bytes, opcode,
immediate, displacement, relative address, etc. For example, you can use HDE when
writing unpackers or decryptors executable files, because more others disassemblers
too big, get only disasm listing and aren't intended for code analys, but more simple
length disassemblers usually get too little info. HDE get enough info to analyse, but
it has very small size. HDE package include DLL, objects, headers files and and source.
+ support MMX, SSE, SSE2, SSE3, 3DNow! instructions
+ high-speed & small size (coded in assembler ;)
+ compatibility with most coding language
To disassemble should call hde_disasm function:
DWORD hde_disasm(
void *pCode // pointer to code
HDE_STRUCT *pHDE_STRUCT // pointer to structure HDE_STRUCT
);
Function return length of command and fill structure HDE_STRUCT:
struct HDE_STRUCT
{
BYTE len; // length of command
BYTE p_rep; // rep/repnz/.. prefix: 0xF2 or 0xF3
BYTE p_lock; // lock prefix 0xF0
BYTE p_seg; // segment prefix: 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65
BYTE p_66; // prefix 0x66
BYTE p_67; // prefix 0x67
BYTE opcode; // opcode
BYTE opcode2; // second opcode, if first opcode equal 0x0F
BYTE modrm; // ModR/M byte
BYTE modrm_mod; // - mod byte of ModR/M
BYTE modrm_reg; // - reg byte of ModR/M
BYTE modrm_rm; // - r/m byte of ModR/M
BYTE sib; // SIB byte
BYTE sib_scale; // - scale (ss) byte of SIB
BYTE sib_index; // - index byte of SIB
BYTE sib_base; // - base byte of SIB
BYTE imm8; // immediate imm8
WORD imm16; // immediate imm16
DWORD imm32; // immediate imm32
BYTE disp8; // displacement disp8
WORD disp16; // displacement disp16, if prefix 0x67 exist
DWORD disp32; // displacement disp32
BYTE rel8; // relative address rel8
WORD rel16; // relative address rel16, if prefix 0x66 exist
DWORD rel32; // relative address rel32
};
Opcode and len fields always exist, others are optional and depend of command. If
field's value equal zero, then it isn't existing.
Note: HDE work only with 32-bit commands of x86 processors !
(系统自动生成,下载前可以参看下载内容)
下载文件列表
压缩包 : hde.0.03.zip 列表 BIN/ BIN/MSCOFF/ BIN/MSCOFF/HDE.OBJ BIN/MSCOFF/HDE.LIB BIN/MSCOFF/Readme.txt BIN/HDE.INC BIN/HDE.H BIN/DLL/ BIN/DLL/HDE.DLL BIN/DLL/HDE.LIB BIN/DLL/HDE.EXP BIN/DLL/Readme.txt BIN/Readme.txt BIN/OMF/ BIN/OMF/HDE.OBJ BIN/OMF/Readme.txt BIN/OMF/HDE.LIB BIN/HDE.PAS DOC/ DOC/hde.rus.txt DOC/License.txt DOC/hde.eng.txt EXAMPLES/ EXAMPLES/DLL/ EXAMPLES/DLL/EXAMPLE.ASM EXAMPLES/DLL/EXAMPLE.EXE EXAMPLES/MSCOFF/ EXAMPLES/MSCOFF/EXAMPLE.ASM EXAMPLES/MSCOFF/EXAMPLE.EXE SRC/ SRC/OBJ/ SRC/OBJ/HDE.ASM SRC/OBJ/OBJ.BAT SRC/DLL/ SRC/DLL/RSRC.RES SRC/DLL/HDE.ASM SRC/DLL/DLL.BAT SRC/DLL/HDE.DEF SRC/HDE.INC SRC/TABLE.INC