Class: FFI::UDis86::UD

Inherits:

Struct

• Object
• Struct
• FFI::UDis86::UD

Includes:

Enumerable

Defined in:

lib/ffi/udis86/ud.rb

Class Method Summary

• .create(options = {}) {|ud| ... } ⇒ UD

  Creates a new disassembler object.

• .open(path, options = {}) {|ud| ... } ⇒ Object

  Opens a file and disassembles it.

Instance Method Summary

• #address_prefix ⇒ Integer

  The address-size prefix (67h) of the last disassembled instruction.

• #disassemble {|ud| ... } ⇒ UD (also: #disas, #each)

  Reads each byte, disassembling each instruction.

• #init ⇒ UD

  Initializes the disassembler.

• #input_buffer ⇒ String

  Returns the input buffer used by the disassembler.

• #input_buffer=(data) ⇒ String

  Sets the contents of the input buffer for the disassembler.

• #input_callback {|ud| ... } ⇒ Object

  Sets the input callback for the disassembler.

• #insn_length ⇒ Integer

  Returns the number of bytes that were disassembled.

• #insn_offset ⇒ Integer

  Returns the starting offset of the disassembled instruction relative to the initial value of the Program Counter (PC).

• #insn_ptr ⇒ FFI::Pointer

  Returns the pointer to the buffer holding the disassembled instruction bytes.

• #lock_prefix ⇒ Integer

  The lock prefix of the last disassembled instruction.

• #mnemonic ⇒ Symbol

  The mnemonic string of the last disassembled instruction.

• #mnemonic_code ⇒ Symbol

  The mnemonic code of the last disassembled instruction.

• #mode ⇒ Integer

  Returns the mode the disassembler is running in.

• #mode=(new_mode) ⇒ Integer

  Sets the mode the disassembler will run in.

• #next_insn ⇒ UD

  Disassembles the next instruction in the input stream.

• #operand_prefix ⇒ Integer

  The operand-size prefix (66h) of the last disassembled instruction.

• #operands ⇒ Array<Operand>

  Returns the operands for the last disassembled instruction.

• #pc ⇒ Integer

  Returns the current value of the Program Counter (PC).

• #pc=(new_pc) ⇒ Integer

  Sets the value of the Program Counter (PC).

• #rep_prefix ⇒ Integer

  The rep prefix of the last disassembled instruction.

• #repe_prefix ⇒ Integer

  The repe prefix of the last disassembled instruction.

• #repne_prefix ⇒ Integer

  The repne prefix of the last disassembled instruction.

• #rex_prefix ⇒ Integer

  The 64-bit mode REX prefix of the last disassembled instruction.

• #segment_prefix ⇒ Integer

  The segment register prefix of the last disassembled instruction.

• #skip(n) ⇒ UD

  Causes the disassembler to skip a certain number of bytes in the input stream.

• #syntax=(new_syntax) ⇒ Symbol

  Sets the assembly syntax that the disassembler will emit.

• #to_asm ⇒ String (also: #to_s)

  Returns the assembly syntax for the last disassembled instruction.

• #to_hex ⇒ String

  Returns the hexadecimal representation of the disassembled instruction.

• #vendor ⇒ Symbol

  The vendor of whose instructions are to be chosen from during disassembly.

• #vendor=(new_vendor) ⇒ Symbol

  Sets the vendor, of whose instructions are to be chosen from during disassembly.

Class Method Details

.create(options = {}) {|ud| ... } ⇒ UD

Creates a new disassembler object.

Parameters:

• options (Hash) (defaults to: {}) —

  Additional options.

Options Hash (options):

• :mode (Integer) — default: 32 —

  The mode of disassembly, can either 16, 32 or 64.

• :syntax (Integer) — default: :intel —

  The assembly syntax the disassembler will emit, can be either :att or :intel.

• :buffer (String) —

  A buffer to disassemble.

• :vendor (Symbol) —

  Sets the vendor of whose instructions to choose from. Can be either :amd or :intel.

• :pc (Integer) —

  Initial value of the Program Counter (PC).

Yields:

• (ud) —

  If a block is given, it will be used as an input callback to return the next byte to disassemble. When the block returns -1, the disassembler will stop processing input.

Yield Parameters:

• ud (UD) —

  The disassembler.

Returns:

• (UD) —

  The newly created disassembler.

# File 'lib/ffi/udis86/ud.rb', line 89

def self.create(options={},&block)
  ud = self.new
  ud.init

  ud.mode = (options[:mode] || 32)

  if options[:buffer]
    ud.input_buffer = options[:buffer]
  end

  ud.syntax = (options[:syntax] || :intel)

  if options[:vendor]
    ud.vendor = options[:vendor]
  end

  if options[:pc]
    ud.pc = options[:pc]
  end

  ud.input_callback(&block) if block

  return ud
end

.open(path, options = {}) {|ud| ... } ⇒ Object

Opens a file and disassembles it.

Parameters:

• path (String) —

  The path to the file.

• options (Hash) (defaults to: {}) —

  Additional options for the disassembler.

Options Hash (options):

• :mode (Integer) — default: 32 —

  The mode of disassembly, can either 16, 32 or 64.

• :syntax (Integer) — default: :intel —

  The assembly syntax the disassembler will emit, can be either :att or :intel.

• :buffer (String) —

  A buffer to disassemble.

• :vendor (Symbol) —

  Sets the vendor of whose instructions to choose from. Can be either :amd or :intel.

• :pc (Integer) —

  Initial value of the Program Counter (PC).

Yields:

• (ud) —

  If a block is given, it will be passed the newly created UD object, configured to disassembler the file.

Yield Parameters:

• ud (UD) —

  The newly created disassembler.

# File 'lib/ffi/udis86/ud.rb', line 147

def self.open(path,options={})
  File.open(path,'rb') do |file|
    ud = self.create(options) do |ud|
      if (b = file.getc)
        b.ord
      else
        -1
      end
    end

    yield ud if block_given?
  end

  return nil
end

Instance Method Details

#address_prefix ⇒ Integer

The address-size prefix (67h) of the last disassembled instruction.

Returns:

• (Integer) —

  The address-size prefix.

# File 'lib/ffi/udis86/ud.rb', line 409

def address_prefix
  self[:pfx_adr]
end

#disassemble {|ud| ... } ⇒ UD Also known as: disas, each

Reads each byte, disassembling each instruction.

Yields:

• (ud) —

  If a block is given, it will be passed the disassembler after each instruction has been disassembled.

Yield Parameters:

• ud (UD) —

  The disassembler.

Returns:

• (UD) —

  The disassembler.

# File 'lib/ffi/udis86/ud.rb', line 543

def disassemble
  until UDis86.ud_disassemble(self) == 0
    yield self if block_given?
  end

  return self
end

#init ⇒ UD

Initializes the disassembler.

Returns:

• (UD) —

  The initialized disassembler.

# File 'lib/ffi/udis86/ud.rb', line 169

def init
  UDis86.ud_init(self)
  return self
end

#input_buffer ⇒ String

Returns the input buffer used by the disassembler.

Returns:

• (String) —

  The current contents of the input buffer.

# File 'lib/ffi/udis86/ud.rb', line 180

def input_buffer
  if @input_buffer
    @input_buffer.get_bytes(0,@input_buffer.total)
  else
    ''
  end
end

#input_buffer=(data) ⇒ String

Sets the contents of the input buffer for the disassembler.

Parameters:

• data (Array<Integer>, String) —

  The new contents to use for the input buffer.

Returns:

• (String) —

  The new contents of the input buffer.

Raises:

• (RuntimeError) —

  The given input buffer was neither a String or an Array of bytes.

# File 'lib/ffi/udis86/ud.rb', line 200

def input_buffer=(data)
  data = data.to_s

  @input_buffer = FFI::MemoryPointer.new(data.length)

  if data.kind_of?(Array)
    @input_buffer.put_array_of_uint8(0,data)
  elsif data.kind_of?(String)
    @input_buffer.put_bytes(0,data)
  else
    raise(RuntimeError,"input buffer must be either a String or an Array of bytes",caller)
  end

  UDis86.ud_set_input_buffer(self,@input_buffer,@input_buffer.total)
  return data
end

#input_callback {|ud| ... } ⇒ Object

Sets the input callback for the disassembler.

Yields:

• (ud) —

  If a block is given, it will be used to get the next byte of input to disassemble. When the block returns -1, the disassembler will stop processing input.

Yield Parameters:

• The (UD) —

  disassembler.

# File 'lib/ffi/udis86/ud.rb', line 228

def input_callback(&block)
  if block
    @input_callback = Proc.new { |ptr| block.call(self) }

    UDis86.ud_set_input_hook(self,@input_callback)
  end

  return @input_callback
end

#insn_length ⇒ Integer

Returns the number of bytes that were disassembled.

Returns:

• (Integer) —

  The number of bytes disassembled.

# File 'lib/ffi/udis86/ud.rb', line 504

def insn_length
  UDis86.ud_insn_len(self)
end

#insn_offset ⇒ Integer

Returns the starting offset of the disassembled instruction relative to the initial value of the Program Counter (PC).

Returns:

• (Integer) —

  The offset of the instruction.

# File 'lib/ffi/udis86/ud.rb', line 515

def insn_offset
  UDis86.ud_insn_off(self)
end

#insn_ptr ⇒ FFI::Pointer

Returns the pointer to the buffer holding the disassembled instruction bytes.

Returns:

• (FFI::Pointer) —

  The pointer to the instruction buffer.

# File 'lib/ffi/udis86/ud.rb', line 526

def insn_ptr
  UDis86.ud_insn_ptr(self)
end

#lock_prefix ⇒ Integer

The lock prefix of the last disassembled instruction.

Returns:

• (Integer) —

  The lock prefix.

# File 'lib/ffi/udis86/ud.rb', line 419

def lock_prefix
  self[:pfx_lock]
end

#mnemonic ⇒ Symbol

The mnemonic string of the last disassembled instruction.

Returns:

• (Symbol) —

  The mnemonic string.

# File 'lib/ffi/udis86/ud.rb', line 369

def mnemonic
  UDis86.ud_lookup_mnemonic(self[:mnemonic]).to_sym
end

#mnemonic_code ⇒ Symbol

The mnemonic code of the last disassembled instruction.

Returns:

• (Symbol) —

  The mnemonic code.

# File 'lib/ffi/udis86/ud.rb', line 359

def mnemonic_code
  self[:mnemonic]
end

#mode ⇒ Integer

Returns the mode the disassembler is running in.

Returns:

• (Integer) —

  Returns either 16, 32 or 64.

# File 'lib/ffi/udis86/ud.rb', line 244

def mode
  self[:dis_mode]
end

#mode=(new_mode) ⇒ Integer

Sets the mode the disassembler will run in.

Parameters:

• new_mode (Integer) —

  The mode the disassembler will run in. Can be either 16, 32 or 64.

Returns:

• (Integer) —

  The new mode of the disassembler.

# File 'lib/ffi/udis86/ud.rb', line 257

def mode=(new_mode)
  unless MODES.include?(new_mode)
    raise(RuntimeError,"invalid disassembly mode #{new_mode}",caller)
  end

  UDis86.ud_set_mode(self,new_mode)
  return new_mode
end

#next_insn ⇒ UD

Disassembles the next instruction in the input stream.

Returns:

• (UD) —

  The disassembler.

# File 'lib/ffi/udis86/ud.rb', line 494

def next_insn
  UDis86.ud_disassemble(self)
end

#operand_prefix ⇒ Integer

The operand-size prefix (66h) of the last disassembled instruction.

Returns:

• (Integer) —

  The operand-size prefix.

# File 'lib/ffi/udis86/ud.rb', line 399

def operand_prefix
  self[:pfx_opr]
end

#operands ⇒ Array<Operand>

Returns the operands for the last disassembled instruction.

Returns:

• (Array<Operand>) —

  The operands of the instruction.

# File 'lib/ffi/udis86/ud.rb', line 482

def operands
  self[:operand].entries.select do |operand|
    OPERAND_TYPES.include?(operand.type)
  end
end

#pc ⇒ Integer

Returns the current value of the Program Counter (PC).

Returns:

• (Integer) —

  The value of the PC.

# File 'lib/ffi/udis86/ud.rb', line 320

def pc
  self[:pc]
end

#pc=(new_pc) ⇒ Integer

Sets the value of the Program Counter (PC).

Parameters:

• new_pc (Integer) —

  The new value to use for the PC.

Returns:

• (Integer) —

  The new value of the PC.

# File 'lib/ffi/udis86/ud.rb', line 333

def pc=(new_pc)
  UDis86.ud_set_pc(self,new_pc)
  return new_pc
end

#rep_prefix ⇒ Integer

The rep prefix of the last disassembled instruction.

Returns:

• (Integer) —

  The rep prefix.

# File 'lib/ffi/udis86/ud.rb', line 429

def rep_prefix
  self[:pfx_rep]
end

#repe_prefix ⇒ Integer

The repe prefix of the last disassembled instruction.

Returns:

• (Integer) —

  The repe prefix.

# File 'lib/ffi/udis86/ud.rb', line 439

def repe_prefix
  self[:pfx_repe]
end

#repne_prefix ⇒ Integer

The repne prefix of the last disassembled instruction.

Returns:

• (Integer) —

  The repne prefix.

# File 'lib/ffi/udis86/ud.rb', line 449

def repne_prefix
  self[:pfx_repne]
end

#rex_prefix ⇒ Integer

The 64-bit mode REX prefix of the last disassembled instruction.

Returns:

• (Integer) —

  The 64-bit REX prefix.

# File 'lib/ffi/udis86/ud.rb', line 379

def rex_prefix
  self[:pfx_rex]
end

#segment_prefix ⇒ Integer

The segment register prefix of the last disassembled instruction.

Returns:

• (Integer) —

  The segment register prefix.

# File 'lib/ffi/udis86/ud.rb', line 389

def segment_prefix
  self[:pfx_seg]
end

#skip(n) ⇒ UD

Causes the disassembler to skip a certain number of bytes in the input stream.

Parameters:

• n (Integer) —

  The number of bytes to skip.

Returns:

• (UD) —

  The disassembler.

# File 'lib/ffi/udis86/ud.rb', line 348

def skip(n)
  UDis86.ud_input_skip(self,n)
  return self
end

#syntax=(new_syntax) ⇒ Symbol

Sets the assembly syntax that the disassembler will emit.

Parameters:

• new_syntax (Symbol, String) —

  The new assembler syntax the disassembler will emit. Can be either :att or :intel.

Returns:

• (Symbol) —

  The new assembly syntax being used.

# File 'lib/ffi/udis86/ud.rb', line 276

def syntax=(new_syntax)
  new_syntax = new_syntax.to_s.downcase.to_sym
  func_name = UDis86::SYNTAX[new_syntax]

  unless func_name
    raise(ArgumentError,"unknown syntax name #{new_syntax}",caller)
  end

  UDis86.ud_set_syntax(self,UDis86.method(func_name))
  return new_syntax
end

#to_asm ⇒ String Also known as: to_s

Returns the assembly syntax for the last disassembled instruction.

Returns:

• (String) —

  The assembly syntax for the instruction.

# File 'lib/ffi/udis86/ud.rb', line 459

def to_asm
  UDis86.ud_insn_asm(self)
end

#to_hex ⇒ String

Returns the hexadecimal representation of the disassembled instruction.

Returns:

• (String) —

  The hexadecimal form of the disassembled instruction.

# File 'lib/ffi/udis86/ud.rb', line 470

def to_hex
  UDis86.ud_insn_hex(self)
end

#vendor ⇒ Symbol

The vendor of whose instructions are to be chosen from during disassembly.

Returns:

• (Symbol) —

  The vendor name, may be either :amd or :intel.

# File 'lib/ffi/udis86/ud.rb', line 295

def vendor
  VENDORS[self[:vendor]]
end

#vendor=(new_vendor) ⇒ Symbol

Sets the vendor, of whose instructions are to be chosen from during disassembly.

Parameters:

• new_vendor (Symbol) —

  The new vendor to use, can be either :amd or :intel.

Returns:

• (Symbol) —

  The new vendor to use.

# File 'lib/ffi/udis86/ud.rb', line 309

def vendor=(new_vendor)
  UDis86.ud_set_vendor(self,VENDORS.index(new_vendor))
  return new_vendor
end